VYPR

Fogproject

by Fogproject

CVEs (14)

  • CVE-2026-24138 | Hig | Jan 23, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Versions 1.5.10.1754 and below contain an unauthenticated SSRF vulnerability in getversion.php which can be triggered by providing a user-controlled url parameter. It can be used to fetch both…

  • CVE-2026-33739 | Med | Mar 27, 2026
    risk 0.30 | cvss 5.7 | epss 0.00

    FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Prior to 1.5.10.1812, the listing tables on multiple management pages (Host, Storage, Group, Image, Printer, Snapin) are vulnerable to Stored Cross-Site Scripting (XSS), due to insufficient…

  • CVE-2025-58443 | Sep 6, 2025
    risk 0.01 | cvss | epss 0.18

    FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Versions 1.5.10.1673 and below contain an authentication bypass vulnerability. It is possible for an attacker to perform an unauthenticated DB dump where they could pull a full SQL DB without…

  • CVE-2024-42349 | Aug 2, 2024
    risk 0.00 | cvss | epss 0.01

    FOG is a cloning/imaging/rescue suite/inventory management system. FOG Server 1.5.10.41.4 and earlier can leak authorized and rejected logins via logs stored directly on the root of the web server. FOG Server creates 2 logs on the root of the web server (fog_login_accepted.log…

  • CVE-2024-42348 | Aug 2, 2024
    risk 0.00 | cvss | epss 0.01

    FOG is a cloning/imaging/rescue suite/inventory management system. FOG Server 1.5.10.41.2 can leak AD username and password when registering a computer. This vulnerability is fixed in 1.5.10.41.3 and 1.6.0-beta.1395.

  • CVE-2024-41954 | Jul 31, 2024
    risk 0.00 | cvss | epss 0.00

    FOG is a cloning/imaging/rescue suite/inventory management system. The application stores plaintext service account credentials in the "/opt/fog/.fogsettings" file. This file is by default readable by all users on the host. By exploiting these credentials, a malicious user could…

  • CVE-2024-41108 | Jul 31, 2024
    risk 0.00 | cvss | epss 0.01

    FOG is a free open-source cloning/imaging/rescue suite/inventory management system. The hostinfo page has missing/improper access control since only the host's mac address is required to obtain the configuration information. This data can only be retrieved if a task is pending…

  • CVE-2024-40645 | Jul 31, 2024
    risk 0.00 | cvss | epss 0.01

    FOG is a cloning/imaging/rescue suite/inventory management system. An improperly restricted file upload feature allows authenticated users to execute arbitrary code on the fogproject server. The Rebranding feature has a check on the client banner image requiring it to be 650…

  • CVE-2024-39916 | Jul 12, 2024
    risk 0.00 | cvss | epss 0.00

    FOG is a free open-source cloning/imaging/rescue suite/inventory management system. There is a security issue with the NFS configuration in /etc/exports generated by the installer that allows an attacker to modify files outside the export in the default installation. The exports…

  • CVE-2024-39914 | Jul 12, 2024
    risk 0.00 | cvss | epss 0.23

    FOG is a cloning/imaging/rescue suite/inventory management system. Prior to 1.5.10.34, packages/web/lib/fog/reportmaker.class.php in FOG was affected by a command injection via the filename parameter to /fog/management/export.php. This vulnerability is fixed in 1.5.10.34.

  • CVE-2023-46237 | Oct 31, 2023
    risk 0.00 | cvss | epss 0.00

    FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Prior to version 1.5.10, an endpoint intended to offer limited enumeration abilities to authenticated users was accessible to unauthenticated users. This enabled unauthenticated users to discover…

  • CVE-2023-46236 | Oct 31, 2023
    risk 0.00 | cvss | epss 0.00

    FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Prior to version 1.5.10, a server-side-request-forgery (SSRF) vulnerability allowed an unauthenticated user to trigger a GET request as the server to an arbitrary endpoint and URL scheme. This…

  • CVE-2023-46235 | Oct 31, 2023
    risk 0.00 | cvss | epss 0.00

    FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Prior to version 1.5.10.15, due to a lack of request sanitization in the logs, a malicious request containing XSS would be stored in a log file. When an administrator of the FOG server logged in…

  • CVE-2021-32243 | Jun 16, 2021
    risk 0.00 | cvss | epss 0.01

    FOGProject v1.5.9 is affected by a File Upload RCE (Authenticated).