This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor : Hgiga
Product : Oaklouds Portal
Version :
Type : Application
First view : 2021-01-19
Last view : 2023-03-27
Update :
Edition :
Language :
Software Edition :
Target Software :
Target Hardware :
Other :

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:a:hgiga:oaklouds_portal:-:*:*:*:*:*:*:* 5
cpe:2.3:a:hgiga:oaklouds_portal:*:*:*:*:*:*:*:* 4

Related : CVE

  Date Alert Description
0 2023-03-27 CVE-2023-25909

HGiga OAKlouds file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker can exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary command or disrupt service.

0 2022-08-30 CVE-2022-38118

OAKlouds Portal website’s Meeting Room has insufficient validation for user input. A remote attacker with general user privilege can perform SQL-injection to access, modify, delete database, perform system operations and disrupt service.

10 2021-09-15 CVE-2021-37913

The HGiga OAKlouds mobile portal does not filter special characters of the IPv6 Gateway parameter of the network interface card setting page. Remote attackers can use this vulnerability to perform command injection and execute arbitrary commands in the system without logging in.

9.8 2021-09-15 CVE-2021-37912

The HGiga OAKlouds mobile portal does not filter special characters of the Ethernet number parameter of the network interface card setting page. Remote attackers can use this vulnerability to perform command injection and execute arbitrary commands in the system without logging in.

9.8 2021-01-19 CVE-2021-22850

HGiga EIP product lacks ineffective access control in certain pages that allow attackers to access database or perform privileged functions.

CWE : Common Weakness Enumeration

% id Name
33% (1) CWE-434 Unrestricted Upload of File with Dangerous Type
33% (1) CWE-306 Missing Authentication for Critical Function
33% (1) CWE-89 Improper Sanitization of Special Elements used in an SQL Command ('...