go to Content
:::

TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center

:::
Date:
Font-stze:

HGiga OAKloud Portal - SQL injection -1

TVN ID TVN-202101005
CVE ID CVE-2021-22851
CVSS 9.8 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products OAKSv20 OAKlouds-document_v3 2.0<2.0-54
OAKSv30 OAKlouds-document_v3 3.0<3.0-54
Description HGiga EIP product contains SQL Injection vulnerability. Attackers can inject SQL commands into specific URL parameter (document management page) to obtain database schema and data.
Solution OAKSv20 OAKlouds-document_v3 2.0 >= 2.0-54
OAKSv30 OAKlouds-document_v3 3.0 >= 3.0-54
Credit Jia-Rong Chen
Public Date 2021-01-19

Links

  1. CVE-2021-22851
  2. CHT Security Red Team Discovered Several Vulnerabilities in Well-Known Portal System
Top