Fogproject
Products
3
- 14 CVEs
- 10 CVEs
- 1 CVE
Recent CVEs
16

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-24138 | | High | 0.49 | 7.5 | 0.00 | | Jan 23, 2026 | FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Versions 1.5.10.1754 and below contain an unauthenticated SSRF vulnerability in getversion.php which can be triggered by providing a user-controlled url parameter. It can be used to fetch both… |
| CVE-2026-33739 | | Medium | 0.30 | 5.7 | 0.00 | | Mar 27, 2026 | FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Prior to 1.5.10.1812, the listing tables on multiple management pages (Host, Storage, Group, Image, Printer, Snapin) are vulnerable to Stored Cross-Site Scripting (XSS), due to insufficient… |
| CVE-2025-58443 | | | 0.01 | — | 0.18 | | Sep 6, 2025 | FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Versions 1.5.10.1673 and below contain an authentication bypass vulnerability. It is possible for an attacker to perform an unauthenticated DB dump where they could pull a full SQL DB without… |
| CVE-2024-42349 | | | 0.00 | — | 0.01 | | Aug 2, 2024 | FOG is a cloning/imaging/rescue suite/inventory management system. FOG Server 1.5.10.41.4 and earlier can leak authorized and rejected logins via logs stored directly on the root of the web server. FOG Server creates 2 logs on the root of the web server (fog_login_accepted.log… |
| CVE-2024-42348 | | | 0.00 | — | 0.01 | | Aug 2, 2024 | FOG is a cloning/imaging/rescue suite/inventory management system. FOG Server 1.5.10.41.2 can leak AD username and password when registering a computer. This vulnerability is fixed in 1.5.10.41.3 and 1.6.0-beta.1395. |
| CVE-2024-41954 | | | 0.00 | — | 0.00 | | Jul 31, 2024 | FOG is a cloning/imaging/rescue suite/inventory management system. The application stores plaintext service account credentials in the "/opt/fog/.fogsettings" file. This file is by default readable by all users on the host. By exploiting these credentials, a malicious user could… |
| CVE-2024-41108 | | | 0.00 | — | 0.01 | | Jul 31, 2024 | FOG is a free open-source cloning/imaging/rescue suite/inventory management system. The hostinfo page has missing/improper access control since only the host's mac address is required to obtain the configuration information. This data can only be retrieved if a task is pending… |
| CVE-2024-40645 | | | 0.00 | — | 0.01 | | Jul 31, 2024 | FOG is a cloning/imaging/rescue suite/inventory management system. An improperly restricted file upload feature allows authenticated users to execute arbitrary code on the fogproject server. The Rebranding feature has a check on the client banner image requiring it to be 650… |
| CVE-2024-39916 | | | 0.00 | — | 0.00 | | Jul 12, 2024 | FOG is a free open-source cloning/imaging/rescue suite/inventory management system. There is a security issue with the NFS configuration in /etc/exports generated by the installer that allows an attacker to modify files outside the export in the default installation. The exports… |
| CVE-2024-39914 | | | 0.00 | — | 0.23 | | Jul 12, 2024 | FOG is a cloning/imaging/rescue suite/inventory management system. Prior to 1.5.10.34, packages/web/lib/fog/reportmaker.class.php in FOG was affected by a command injection via the filename parameter to /fog/management/export.php. This vulnerability is fixed in 1.5.10.34. |
| CVE-2024-34477 | | | 0.00 | — | 0.00 | | May 27, 2024 | configureNFS in lib/common/functions.sh in FOG through 1.5.10 allows local users to gain privileges by mounting a crafted NFS share (because of no_root_squash and insecure). In order to exploit the vulnerability, someone needs to mount an NFS share in order to add an executable… |
| CVE-2023-46237 | | | 0.00 | — | 0.00 | | Oct 31, 2023 | FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Prior to version 1.5.10, an endpoint intended to offer limited enumeration abilities to authenticated users was accessible to unauthenticated users. This enabled unauthenticated users to discover… |
| CVE-2023-46236 | | | 0.00 | — | 0.00 | | Oct 31, 2023 | FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Prior to version 1.5.10, a server-side-request-forgery (SSRF) vulnerability allowed an unauthenticated user to trigger a GET request as the server to an arbitrary endpoint and URL scheme. This… |
| CVE-2023-46235 | | | 0.00 | — | 0.00 | | Oct 31, 2023 | FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Prior to version 1.5.10.15, due to a lack of request sanitization in the logs, a malicious request containing XSS would be stored in a log file. When an administrator of the FOG server logged in… |
| CVE-2021-32243 | | | 0.00 | — | 0.01 | | Jun 16, 2021 | FOGProject v1.5.9 is affected by a File Upload RCE (Authenticated). |
| CVE-2014-3111 | | | 0.00 | — | 0.01 | | Oct 21, 2014 | Multiple cross-site scripting (XSS) vulnerabilities in FOG 0.27 through 0.32 allow remote authenticated users to inject arbitrary web script or HTML via the (1) Printer Model field to the Printer Management page, (2) Image Name field to the Image Management page, (3) Storage… |