First published: Thu Feb 15 2024
The synchronization functionality in certain HGiga OAKlouds modules has an OS Command Injection vulnerability that allows remote attackers to inject system commands within specific request parameters. This enables the execution of arbitrary code on the remote server without permission.
Credit: twcert@cert.org.tw
Affected Software | Affected Version | How to fix |
---|---|---|
HGiga OAKlouds | | |
Hgiga Oaklouds Organization 2.0 | <188 | |
Hgiga Oaklouds Organization 3.0 | <188 | |
Hgiga Oaklouds Organization 2.0 | <1051 | |
Hgiga Oaklouds Webbase 3.0 | <1051 | |
Update OAKlouds-organization-2.0 to version 188 or later. Update OAKlouds-organization-3.0 to version 188 or later. Update OAKlouds-webbase-2.0 to version 1051 or later. Update OAKlouds-webbase-3.0 to version 1051 or later.
CVE-2024-26260 has been classified as a critical severity vulnerability due to its potential for remote code execution.
To mitigate CVE-2024-26260, update your HGiga OAKlouds software to the latest version that addresses this vulnerability.
CVE-2024-26260 affects HGiga OAKlouds versions prior to 2.0.188 and 3.0.188, including specific web-based modules.
An attacker exploiting CVE-2024-26260 can execute arbitrary commands on the affected server, potentially compromising the system.
Currently, the recommended approach for CVE-2024-26260 is to upgrade to a patched version as no effective workaround has been published.