TVN ID | TVN-202402003 |
---|---|
CVE ID | CVE-2024-26261 |
CVSS | 9.8 (High) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Affected Products | OAKlouds-organization-2.0 before version 188、OAKlouds-organization-3.0 before version 188、OAKlouds-webbase-3.0 before version 1051、OAKlouds-webbase-2.0 before version 1051 |
Description | The functionality for file download in HGiga OAKlouds' certain modules contains an Arbitrary File Read and Delete vulnerability. Attackers can put file path in specific request parameters, allowing them to download the file without login. Furthermore, the file will be deleted after being downloaded. |
Solution | Update OAKlouds-organization-2.0 to 188 or later version Update OAKlouds-organization-3.0 to 188 or later version Update OAKlouds-webbase-2.0 to 1051 or later version Update OAKlouds-webbase-3.0 to 1051 or later version |
Credit | Fi Liu (CHT Security) |
Public Date | 2024-02-15 |