CVE-2024-40645 in FOGinformação

Sumário

de MITRE • 31/07/2024

FOG is a cloning/imaging/rescue suite/inventory management system. An improperly restricted file upload feature allows authenticated users to execute arbitrary code on the fogproject server. The Rebranding feature has a check on the client banner image requiring it to be 650 pixels wide and 120 pixels high. Apart from that, there are no checks on things like file extensions. This can be abused by appending a PHP webshell to the end of the image and changing the extension to anything the PHP web server will parse. This vulnerability is fixed in 1.5.10.41.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsável

GitHub M

Reservar

08/07/2024

Divulgação

31/07/2024

Moderação

aceite

Entrada

VDB-273299

CPE

pronto

CWE

CWE-434 (confirmado)

CVSS

8.8 (NVD)

EPSS

0.00229

KEV

não

Atividades

muito baixo

Sector

Industry, Hospital, ...

Fontes

MITRE	https://www.cve.org/CVERecord?id=CVE-2024-40645
NVD	https://nvd.nist.gov/vuln/detail/CVE-2024-40645
CVE Details	https://www.cvedetails.com/cve/CVE-2024-40645/

◂ Voltar Visão Geral Próximo ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!