📦 Fogproject

by Fogproject

🛡️ Security Overview

⚠️ Known Vulnerabilities

CVE-2025-58443

CRITICAL CVSS 9.1 Sep 6, 2025

This CVE describes an authentication bypass vulnerability in FOG Project versions 1.5.10.1673 and below that allows unauthenticated attackers to dump the entire SQL database. All organizations using v...

CVE-2024-39914

CRITICAL CVSS 9.8 Jul 12, 2024

This vulnerability allows remote attackers to execute arbitrary commands on FOG Project servers via command injection in the filename parameter. It affects all FOG Project installations prior to versi...

CVE-2024-40645

HIGH CVSS 8.8 Jul 31, 2024

This vulnerability allows authenticated users in FOG Project to upload malicious files disguised as images, leading to remote code execution on the server. Attackers can append PHP webshells to image ...

CVE-2024-34477

HIGH CVSS 7.8 May 27, 2024

CVE-2024-34477 is a local privilege escalation vulnerability in FOG Project's configureNFS function that allows authenticated local users to gain root privileges by mounting a malicious NFS share. The...

CVE-2023-46236

HIGH CVSS 8.6 Oct 31, 2023

CVE-2023-46236 is a server-side request forgery (SSRF) vulnerability in FOG Project that allows unauthenticated attackers to make arbitrary GET requests from the server to internal or external endpoin...

CVE-2021-32243

HIGH CVSS 8.8 Jun 16, 2021

CVE-2021-32243 is an authenticated file upload vulnerability in FOGProject that allows remote code execution. Attackers with valid credentials can upload malicious files to execute arbitrary commands ...

CVE-2024-42349

MEDIUM CVSS 5.3 Aug 2, 2024

FOG Server versions 1.5.10.41.4 and earlier store login logs in publicly accessible web server directories, exposing usernames, IP addresses, and user agents. This information disclosure vulnerability...

CVE-2024-41954

MEDIUM CVSS 5.3 Jul 31, 2024

CVE-2024-41954 is an information disclosure vulnerability in FOG Project where plaintext service account credentials are stored in a world-readable configuration file. Any local user on the host can r...