Описание
The functionality for synchronization in HGiga OAKlouds' certain moudules has an OS Command Injection vulnerability, allowing remote attackers to inject system commands within specific request parameters. This enables the execution of arbitrary code on the remote server without permission.
Ссылки
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 188 (исключая)Версия до 188 (исключая)Версия до 1051 (исключая)Версия до 1051 (исключая)
Одно из
cpe:2.3:a:hgiga:oaklouds-organization-2.0:*:*:*:*:*:*:*:*
cpe:2.3:a:hgiga:oaklouds-organization-3.0:*:*:*:*:*:*:*:*
cpe:2.3:a:hgiga:oaklouds-webbase-2.0:*:*:*:*:*:*:*:*
cpe:2.3:a:hgiga:oaklouds-webbase-3.0:*:*:*:*:*:*:*:*
EPSS
Процентиль: 86%
0.02746
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-78
Связанные уязвимости
CVSS3: 9.8
github
почти 2 года назад
The functionality for synchronization in HGiga OAKlouds' certain moudules has an OS Command Injection vulnerability, allowing remote attackers to inject system commands within specific request parameters. This enables the execution of arbitrary code on the remote server without permission.
EPSS
Процентиль: 86%
0.02746
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-78