FOG is a cloning/imaging/rescue suite/inventory management system. Prior to 1.5.10.34, packages/web/lib/fog/reportmaker.class.php in FOG was affected by a command injection via the filename parameter to /fog/management/export.php. This vulnerability is fixed in 1.5.10.34.
The vulnerability is located in the file packages/web/lib/fog/reportmaker.class.php and is triggered via the filename parameter passed to the /fog/management/export.php endpoint. Lack of proper validation and sanitization of this parameter allows injection of arbitrary system commands (command injection, CWE-77), which are then executed by the server with the permissions of the web process.
An attacker can take full control of the server — gain access to sensitive data, modify system data, or cause service unavailability (complete CIA triad: confidentiality, integrity, availability at HIGH level according to CVSS).
FOGProject must be immediately updated to version 1.5.10.34 or newer, in which the vulnerability has been fixed. The patch is available in the project's GitHub repository (commit 2413bc034753c32799785e9bf08164ccd0a2759f).
FOGProject in versions earlier than 1.5.10.34
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HFogproject
APPFogproject< 1.5.10.41
Related vulnerabilities
FOG Project – pomijanie uwierzytelnienia umożliwia zrzut bazy danych
FOG Server — wyciek danych uwierzytelniających Active Directory przy rejestracji komputera
FOG is a cloning/imaging/rescue suite/inventory management system. An improperly restricted file upload featur...
FOG is a free open-source cloning/imaging/rescue suite/inventory management system. The hostinfo page has miss...
configureNFS in lib/common/functions.sh in FOG through 1.5.10 allows local users to gain privileges by mountin...