Lucene search

GitHub_MCVELIST:CVE-2024-39914

HistoryJul 12, 2024 - 2:46 p.m.

CVE-2024-39914 FOG has a command injection in /fog/management/export.php?filename=

2024-07-1214:46:44

CWE-77

GitHub_M

www.cve.org

fog

command injection

vulnerability

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

22.0%

JSON

FOG is a cloning/imaging/rescue suite/inventory management system. Prior to 1.5.10.34, packages/web/lib/fog/reportmaker.class.php in FOG was affected by a command injection via the filename parameter to /fog/management/export.php. This vulnerability is fixed in 1.5.10.34.

CNA Affected

[
  {
    "vendor": "FOGProject",
    "product": "fogproject",
    "versions": [
      {
        "version": "< 1.5.10.34",
        "status": "affected"
      }
    ]
  }
]

References

github.com/FOGProject/fogproject/commit/2413bc034753c32799785e9bf08164ccd0a2759f

github.com/FOGProject/fogproject/security/advisories/GHSA-7h44-6vq6-cq8j

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

22.0%

JSON

Related for CVELIST:CVE-2024-39914