CVE-2023-25909
HGiga Inc. OAKlouds - Arbitrary File Upload
Vexday Risk Score
28Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 9.8EPSS 0.9%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
27 Mar 2023Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
HGiga OAKlouds file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker can exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary command or disrupt service.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
HGIGA INC. · HGiga OAKloudsWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →