PT-2026-28520

Name of the Vulnerable Software and Affected Versions FOG versions prior to 1.5.10.1812 Description FOG, a free open-source cloning/imaging/rescue suite/inventory management system, contains a Stored Cross-Site Scripting XSS issue. This occurs due to insufficient server-side parameter sanitizatio...

CVE-2024-39914

FOG is a cloning/imaging/rescue suite/inventory management system. Prior to 1.5.10.34, packages/web/lib/fog/reportmaker.class.php in FOG was affected by a command injection via the filename parameter to /fog/management/export.php. This vulnerability is fixed in 1.5.10.34...

CVE-2024-39916

FOG is a free open-source cloning/imaging/rescue suite/inventory management system. There is a security issue with the NFS configuration in /etc/exports generated by the installer that allows an attacker to modify files outside the export in the default installation. The exports have the...

CVE-2023-46237

FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Prior to version 1.5.10, an endpoint intended to offer limited enumeration abilities to authenticated users was accessible to unauthenticated users. This enabled unauthenticated users to discover files and their...

PT-2024-29266 · Fog · Fog

Name of the Vulnerable Software and Affected Versions: FOG versions prior to 1.5.10.41 Description: The hostinfo page in FOG has missing or improper access control, allowing configuration information to be obtained using only the host's mac address, but only if a task is pending on that host...