GCVE - cpe:2.3:a:hgiga:oaklouds:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:hgiga:oaklouds:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Hgiga (`3395f64f-c7c9-5c57-a478-cf9fa807fa6c`)
Product	Oaklouds (`e791fdaa-755c-54d5-a343-e159e15fe1c4`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-9924`	vulnerable	2026-06-03 14:58:22.874720	Hgiga OAKlouds - Arbitrary File Read And Delete CRITICAL (9.8) The fix for CVE-2024-26261 was incomplete, and and the specific package for OAKlouds from Hgiga remains at risk. Unauthenticated remote attackers still can download arbitrary system files, which may be deleted subsequently . Published: 2024-10-14T03:23:21.849Z Updated: 2024-10-15T14:35:57.173Z Open on db.gcve.eu Reference links https://www.twcert.org.tw/tw/cp-132-8130-89bb1-1.html https://www.twcert.org.tw/en/cp-139-8131-0b5e1-2.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-26261`	vulnerable	2026-06-03 14:55:15.466484	Hgiga OAKlouds - Arbitrary File Read And Delete CRITICAL (9.8) The functionality for file download in HGiga OAKlouds' certain modules contains an Arbitrary File Read and Delete vulnerability. Attackers can put file path in specific request parameters, allowing them to download the file without login. Furthermore, the file will be deleted after being downloaded. Published: 2024-02-15T02:29:23.672Z Updated: 2024-08-02T00:07:19.038Z Open on db.gcve.eu Reference links https://www.twcert.org.tw/tw/cp-132-7674-bdb40-1.html https://www.chtsecurity.com/news/e456f679-9091-4de4-8f78-9262d20d6a96	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-26260`	vulnerable	2026-06-03 14:55:15.456182	Hgiga OAKlouds - Command Injection CRITICAL (9.8) The functionality for synchronization in HGiga OAKlouds' certain moudules has an OS Command Injection vulnerability, allowing remote attackers to inject system commands within specific request parameters. This enables the execution of arbitrary code on the remote server without permission. Published: 2024-02-15T02:18:34.668Z Updated: 2024-08-21T15:28:01.013Z Open on db.gcve.eu Reference links https://www.twcert.org.tw/tw/cp-132-7673-688b7-1.html https://www.chtsecurity.com/news/e456f679-9091-4de4-8f78-9262d20d6a96	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-38118`	vulnerable	2026-06-03 14:47:49.280822	HGiga OAKlouds - SQL Injection HIGH (8.8) OAKlouds Portal website’s Meeting Room has insufficient validation for user input. A remote attacker with general user privilege can perform SQL-injection to access, modify, delete database, perform system operations and disrupt service. Published: 2022-08-30T04:25:28.204Z Updated: 2024-09-16T17:29:10.368Z Open on db.gcve.eu Reference links https://www.twcert.org.tw/tw/cp-132-6461-25c4b-1.html https://www.chtsecurity.com/news/0a893178-5c64-4f1c-87f1-95cbf1e17c87	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.