Description

FOG is a cloning/imaging/rescue suite/inventory management system. An improperly restricted file upload feature allows authenticated users to execute arbitrary code on the fogproject server. The Rebranding feature has a check on the client banner image requiring it to be 650 pixels wide and 120 pixels high. Apart from that, there are no checks on things like file extensions. This can be abused by appending a PHP webshell to the end of the image and changing the extension to anything the PHP web server will parse. This vulnerability is fixed in 1.5.10.41.

INFO

Published Date :

2024-07-31T18:57:50.347Z

Last Modified :

2024-07-31T20:13:14.492Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-40645 vulnerability.

Vendors Products
Fogproject
  • Fogproject
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-40645.

URL Resource
https://github.com/FOGProject/fogproject/blob/a4bb1bf39ac53c3cbe623576915fbc3b5c80a00f/packages/web/lib/pages/fogconfigurationpage.class.php#L2860-L2896 cve-icon cve-icon
https://github.com/FOGProject/fogproject/commit/9469606a18bf8887740cceed6593a2e0380b5e0c cve-icon cve-icon
https://github.com/FOGProject/fogproject/security/advisories/GHSA-59mq-q8g5-2f4f cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact