FOG Suite Vulnerability Alert

CVE-2024-39914

9.8CRITICAL

Key Information

Vendor: Fogproject
Status: Fogproject
Vendor: CVE Published:; 12 July 2024

Summary

FOG is a cloning/imaging/rescue suite/inventory management system. Prior to 1.5.10.34, packages/web/lib/fog/reportmaker.class.php in FOG was affected by a command injection via the filename parameter to /fog/management/export.php. This vulnerability is fixed in 1.5.10.34.

Affected Version(s)

fogproject = < 1.5.10.34

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Jul 12, 2024
Vulnerability Reserved.
Jul 2, 2024

Collectors

NVD DatabaseMitre Database