The functionality for file download in HGiga OAKlouds' certain modules contains an Arbitrary File Read and Delete vulnerability. Attackers can put file path in specific request parameters, allowing them to download the file without login. Furthermore, the file will be deleted after being downloaded.
References
Link | Resource |
---|---|
https://www.twcert.org.tw/tw/cp-132-7674-bdb40-1.html |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: twcert
Published: 2024-02-15T02:29:23.672Z
Updated: 2024-06-28T02:07:12.109Z
Reserved: 2024-02-15T01:33:48.679Z
Link: CVE-2024-26261
JSON object: View
NVD Information
Status : Awaiting Analysis
Published: 2024-02-15T03:15:35.083
Modified: 2024-02-15T06:23:39.303
Link: CVE-2024-26261
JSON object: View
Redhat Information
No data.
CWE