Unrated severityNVD Advisory· Published Jul 12, 2024· Updated Aug 2, 2024

FOG has a command injection in /fog/management/export.php?filename=

CVE-2024-39914

Description

FOG is a cloning/imaging/rescue suite/inventory management system. Prior to 1.5.10.34, packages/web/lib/fog/reportmaker.class.php in FOG was affected by a command injection via the filename parameter to /fog/management/export.php. This vulnerability is fixed in 1.5.10.34.

Affected products

Fogproject/Fogprojectv5
Range: < 1.5.10.34

Patches

4479e2340760

https://github.com/fogproject/fogprojectvia osv

2413bc034753

https://github.com/fogproject/fogprojectvia osv

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/FOGProject/fogproject/commit/2413bc034753c32799785e9bf08164ccd0a2759fmitrex_refsource_MISC
github.com/FOGProject/fogproject/security/advisories/GHSA-7h44-6vq6-cq8jmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.075
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000