Unrated severityNVD Advisory· Published Jul 31, 2024· Updated Jul 31, 2024

FOG Authenticated File Upload RCE

CVE-2024-40645

Description

FOG is a cloning/imaging/rescue suite/inventory management system. An improperly restricted file upload feature allows authenticated users to execute arbitrary code on the fogproject server. The Rebranding feature has a check on the client banner image requiring it to be 650 pixels wide and 120 pixels high. Apart from that, there are no checks on things like file extensions. This can be abused by appending a PHP webshell to the end of the image and changing the extension to anything the PHP web server will parse. This vulnerability is fixed in 1.5.10.41.

Affected products

Fogproject/Fogprojectv5
Range: < 1.5.10.41

Patches

4479e2340760

https://github.com/fogproject/fogprojectvia osv

Vulnerability mechanics

Synthesis attempt was rejected by the grounding validator. Re-run pending.

References

github.com/FOGProject/fogproject/blob/a4bb1bf39ac53c3cbe623576915fbc3b5c80a00f/packages/web/lib/pages/fogconfigurationpage.class.phpmitrex_refsource_MISC
github.com/FOGProject/fogproject/commit/9469606a18bf8887740cceed6593a2e0380b5e0cmitrex_refsource_MISC
github.com/FOGProject/fogproject/security/advisories/GHSA-59mq-q8g5-2f4fmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000