18 matches found

Nuclei
added 2026/06/01 5:38 a.m., 43 views

FOG Project < 1.5.10.34 - Remote Command Execution

FOG is a cloning/imaging/rescue suite/inventory management system. Prior to 1.5.10.34, packages/web/lib/fog/reportmaker.class.php in FOG was affected by a command injection via the filename parameter to /fog/management/export.php. id: CVE-2024-39914 info: name: FOG Project 1.5.10.34 - Remote...

9.8 CVSS, 5.8 AI score, 0.93559 EPSS
Exploits 1, References 4

RedhatCVE
added 2026/03/28 11:9 p.m., 1 view

CVE-2026-33739

FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Prior to 1.5.10.1812, the listing tables on multiple management pages Host, Storage, Group, Image, Printer, Snapin are vulnerable to Stored Cross-Site Scripting XSS, due to insufficient server-side parameter...

5.7 CVSS, 5.9 AI score, 0.00051 EPSS
Exploits 1, References 1

NVD
added 2026/03/27 8:16 p.m., 0 views

CVE-2026-33739

FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Prior to 1.5.10.1812, the listing tables on multiple management pages Host, Storage, Group, Image, Printer, Snapin are vulnerable to Stored Cross-Site Scripting XSS, due to insufficient server-side parameter...

5.7 CVSS, 0.00051 EPSS
Exploits 1, References 1

Cvelist
added 2026/03/27 7:45 p.m., 19 views

CVE-2026-33739 FOG has Stored XSS in Multiple Management Pages

FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Prior to 1.5.10.1812, the listing tables on multiple management pages Host, Storage, Group, Image, Printer, Snapin are vulnerable to Stored Cross-Site Scripting XSS, due to insufficient server-side parameter...

5.7 CVSS, 0.00051 EPSS
Exploits 1, References 1

CNNVD
added 2026/03/27 12:0 a.m., 3 views

FOG Cross-Site Scripting Vulnerability

FOG is an open-source computer cloning and management system developed by the FOG Project. Versions of FOG prior to 1.5.10.1812 contained a cross-site scripting vulnerability. This vulnerability stemmed from insufficient server-side parameter cleaning and the lack of HTML escaping in list tables,...

5.7 CVSS, 5.7 AI score, 0.00051 EPSS
Exploits 1, References 2

NVD
added 2026/01/23 1:15 a.m., 2 views

CVE-2026-24138

FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Versions 1.5.10.1754 and below contain an unauthenticated SSRF vulnerability in getversion.php which can be triggered by providing a user-controlled url parameter. It can be used to fetch both internal websites an...

7.5 CVSS, 0.00017 EPSS
Exploits 0, References 1

Vulnrichment
added 2026/01/23 12:19 a.m., 2 views

CVE-2026-24138 FOG vulnerable to unauthenticated SSRF via `/fog/service/getversion.php`

FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Versions 1.5.10.1754 and below contain an unauthenticated SSRF vulnerability in getversion.php which can be triggered by providing a user-controlled url parameter. It can be used to fetch both internal websites an...

7.5 CVSS, 5.6 AI score, 0.00017 EPSS
Exploits 0, References 1

CNNVD
added 2026/01/23 12:0 a.m., 2 views

FOG code issues and vulnerabilities

FOG is an open-source computer cloning and management system developed by the FOG Project. Versions of FOG 1.5.10.1754 and earlier contained code vulnerabilities. These vulnerabilities stemmed from unvalidated server-side request forgery in the getversion.php script, which could lead to the...

7.5 CVSS, 5.9 AI score, 0.00017 EPSS
Exploits 0, References 2

VulnCheck KEV
added 2025/12/08 12:0 a.m., 3 views

VulnCheck KEV: CVE-2025-58443

FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Versions 1.5.10.1673 and below contain an authentication bypass vulnerability. It is possible for an attacker to perform an unauthenticated DB dump where they could pull a full SQL DB without credentials. A fix is...

9.9 CVSS, 5.9 AI score, 0.09895 EPSS
In wild, Exploits 2, References 2

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2025-27087

Malicious code in bioql PyPI...

9.9 CVSS, 6.4 AI score, 0.09895 EPSS
Exploits 2, References 1

Vulnrichment
added 2025/09/06 8:4 p.m., 1 view

CVE-2025-58443 FOG's authentication bypass leads to full SQL DB dump

FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Versions 1.5.10.1673 and below contain an authentication bypass vulnerability. It is possible for an attacker to perform an unauthenticated DB dump where they could pull a full SQL DB without credentials. A fix is...

9.9 CVSS, 7 AI score, 0.09895 EPSS
Exploits 2, References 1

OSV
added 2025/09/06 8:4 p.m., 4 views

CVE-2025-58443 FOG's authentication bypass leads to full SQL DB dump

FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Versions 1.5.10.1673 and below contain an authentication bypass vulnerability. It is possible for an attacker to perform an unauthenticated DB dump where they could pull a full SQL DB without credentials. A fix is...

9.9 CVSS, 7.5 AI score, 0.09895 EPSS
Exploits 2, References 3

Cvelist
added 2025/09/06 8:4 p.m., 5 views

CVE-2025-58443 FOG's authentication bypass leads to full SQL DB dump

FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Versions 1.5.10.1673 and below contain an authentication bypass vulnerability. It is possible for an attacker to perform an unauthenticated DB dump where they could pull a full SQL DB without credentials. A fix is...

9.9 CVSS, 0.09895 EPSS
Exploits 2, References 1

CNNVD
added 2025/09/06 12:0 a.m., 3 views

FOG Access Control Error Vulnerability

FOG is an open-source computer cloning and management system from the FOG Project. An access control error vulnerability exists in FOG 1.5.10.1673 and prior versions, which stems from an authentication bypass that could allow an unauthenticated attacker to dump a full SQL database...

9.9 CVSS, 7.2 AI score, 0.09895 EPSS
Exploits 2, References 1

Positive Technologies
added 2025/09/06 12:0 a.m., 4 views

PT-2025-36400

Name of the Vulnerable Software and Affected Versions: FOG versions 1.5.10.1673 and below Description: FOG is a free open-source cloning/imaging/rescue suite/inventory management system. An authentication bypass vulnerability exists, allowing an attacker to perform an unauthenticated database dum...

9.9 CVSS, 8 AI score, 0.09895 EPSS
Exploits 2, References 7

Packet Storm
added 2021/04/29 12:0 a.m., 197 views

Fog Project 1.5.9 Shell Upload

Exploit Title: Fog Project - File Upload RCE Authenticated Date: 2021-04-28 Exploit Author: [email protected] Vendor Homepage: https://fogproject.org Software Link: https://github.com/FOGProject/fogproject/archive/1.5.9.zip Tested on: Debian 10 On the Attacker Machine: 1 Create an empty 10Mb file...

0.1 AI score
Exploits 0

CNVD
added 2016/07/21 12:0 a.m., 1 view

FOG has multiple vulnerabilities

FOG is a free, open source, computer cloning and management solution. FOG has multiple vulnerabilities that allow input from certain unauthenticated users since parameters in the library function in the FOGManagerController.class.php file are not sanitized. An attacker can leverage this...

8.1 AI score
Exploits 0, References 1

securityvulns
added 2014/05/15 12:0 a.m., 68 views

Multiple Stored XSS in FOG Image deployment system - FD

Vulnerability title: Multiple Stored Cross-Site scripting CVE: CVE-2014-3111 Vendor: FOG Project Product: FOG Imaging system Affected version: 0.27 – 0.32latest Fixed version: N/A Reported by: Dolev Farhi ---------------------------- VULNERABILITY Details: ---------------------------- Latest and...

3.5 CVSS, 0.8 AI score, 0.00257 EPSS
Exploits 2