Fogproject
by Fogproject
CVEs (14)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-24138 | | High | 0.49 | 7.5 | 0.00 | | Jan 23, 2026 | FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Versions 1.5.10.1754 and below contain an unauthenticated SSRF vulnerability in getversion.php which can be triggered by providing a user-controlled url parameter. It can be used to fetch both… |
| CVE-2026-33739 | | Med | 0.30 | 5.7 | 0.00 | | Mar 27, 2026 | FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Prior to 1.5.10.1812, the listing tables on multiple management pages (Host, Storage, Group, Image, Printer, Snapin) are vulnerable to Stored Cross-Site Scripting (XSS), due to insufficient… |
| CVE-2025-58443 | | | 0.01 | — | 0.18 | | Sep 6, 2025 | FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Versions 1.5.10.1673 and below contain an authentication bypass vulnerability. It is possible for an attacker to perform an unauthenticated DB dump where they could pull a full SQL DB without… |
| CVE-2024-42349 | | | 0.00 | — | 0.01 | | Aug 2, 2024 | FOG is a cloning/imaging/rescue suite/inventory management system. FOG Server 1.5.10.41.4 and earlier can leak authorized and rejected logins via logs stored directly on the root of the web server. FOG Server creates 2 logs on the root of the web server (fog_login_accepted.log… |
| CVE-2024-42348 | | | 0.00 | — | 0.01 | | Aug 2, 2024 | FOG is a cloning/imaging/rescue suite/inventory management system. FOG Server 1.5.10.41.2 can leak AD username and password when registering a computer. This vulnerability is fixed in 1.5.10.41.3 and 1.6.0-beta.1395. |
| CVE-2024-41954 | | | 0.00 | — | 0.00 | | Jul 31, 2024 | FOG is a cloning/imaging/rescue suite/inventory management system. The application stores plaintext service account credentials in the "/opt/fog/.fogsettings" file. This file is by default readable by all users on the host. By exploiting these credentials, a malicious user could… |
| CVE-2024-41108 | | | 0.00 | — | 0.01 | | Jul 31, 2024 | FOG is a free open-source cloning/imaging/rescue suite/inventory management system. The hostinfo page has missing/improper access control since only the host's mac address is required to obtain the configuration information. This data can only be retrieved if a task is pending… |
| CVE-2024-40645 | | | 0.00 | — | 0.01 | | Jul 31, 2024 | FOG is a cloning/imaging/rescue suite/inventory management system. An improperly restricted file upload feature allows authenticated users to execute arbitrary code on the fogproject server. The Rebranding feature has a check on the client banner image requiring it to be 650… |
| CVE-2024-39916 | | | 0.00 | — | 0.00 | | Jul 12, 2024 | FOG is a free open-source cloning/imaging/rescue suite/inventory management system. There is a security issue with the NFS configuration in /etc/exports generated by the installer that allows an attacker to modify files outside the export in the default installation. The exports… |
| CVE-2024-39914 | | | 0.00 | — | 0.23 | | Jul 12, 2024 | FOG is a cloning/imaging/rescue suite/inventory management system. Prior to 1.5.10.34, packages/web/lib/fog/reportmaker.class.php in FOG was affected by a command injection via the filename parameter to /fog/management/export.php. This vulnerability is fixed in 1.5.10.34. |
| CVE-2023-46237 | | | 0.00 | — | 0.00 | | Oct 31, 2023 | FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Prior to version 1.5.10, an endpoint intended to offer limited enumeration abilities to authenticated users was accessible to unauthenticated users. This enabled unauthenticated users to discover… |
| CVE-2023-46236 | | | 0.00 | — | 0.00 | | Oct 31, 2023 | FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Prior to version 1.5.10, a server-side-request-forgery (SSRF) vulnerability allowed an unauthenticated user to trigger a GET request as the server to an arbitrary endpoint and URL scheme. This… |
| CVE-2023-46235 | | | 0.00 | — | 0.00 | | Oct 31, 2023 | FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Prior to version 1.5.10.15, due to a lack of request sanitization in the logs, a malicious request containing XSS would be stored in a log file. When an administrator of the FOG server logged in… |
| CVE-2021-32243 | | | 0.00 | — | 0.01 | | Jun 16, 2021 | FOGProject v1.5.9 is affected by a File Upload RCE (Authenticated). |