Описание
The functionality for file download in HGiga OAKlouds' certain modules contains an Arbitrary File Read and Delete vulnerability. Attackers can put file path in specific request parameters, allowing them to download the file without login. Furthermore, the file will be deleted after being downloaded.
Ссылки
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 188 (исключая)Версия до 188 (исключая)Версия до 1051 (исключая)Версия до 1051 (исключая)
Одно из
cpe:2.3:a:hgiga:oaklouds-organization-2.0:*:*:*:*:*:*:*:*
cpe:2.3:a:hgiga:oaklouds-organization-3.0:*:*:*:*:*:*:*:*
cpe:2.3:a:hgiga:oaklouds-webbase-2.0:*:*:*:*:*:*:*:*
cpe:2.3:a:hgiga:oaklouds-webbase-3.0:*:*:*:*:*:*:*:*
EPSS
Процентиль: 48%
0.00253
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-22
Связанные уязвимости
CVSS3: 9.8
github
почти 2 года назад
The functionality for file download in HGiga OAKlouds' certain modules contains an Arbitrary File Read and Delete vulnerability. Attackers can put file path in specific request parameters, allowing them to download the file without login. Furthermore, the file will be deleted after being downloaded.
EPSS
Процентиль: 48%
0.00253
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-22