CVE-2024-26261

Name of the Vulnerable Software and Affected Versions HGiga OAKlouds (affected versions not specified)

Description The issue concerns an Arbitrary File Read and Delete vulnerability in the file download functionality of certain HGiga OAKlouds modules. Attackers can exploit this by specifying a file path in specific request parameters, allowing them to download files without logging in. Additionally, the file is deleted after being downloaded.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.