Vulnerabilities in FOGProject
13 resultsCVE-2024-39914CRITICAL FOG has a command injection in /fog/management/export.php?filename=EPSS 23.4%CVE-2025-58443CRITICALFOG's authentication bypass leads to full SQL DB dumpEPSS 17.6%CVE-2024-40645HIGHFOG Authenticated File Upload RCEEPSS 1.0%CVE-2024-42348CRITICALFOG leaks sensitive information (AD domain, username and password)EPSS 0.6%CVE-2024-42349MEDIUMFOG has a Log Information DisclosureEPSS 0.6%CVE-2024-41108HIGHFOG Sensitive Information DisclosureEPSS 0.6%CVE-2023-46237MEDIUMFOG path traversal via unauthenticated endpointEPSS 0.5%CVE-2023-46236HIGHFOG SSRF via unauthenticated endpoint(s)EPSS 0.5%CVE-2026-24138HIGHFOG vulnerable to unauthenticated SSRF via `/fog/service/getversion.php`EPSS 0.4%CVE-2023-46235MEDIUMFOG stored XSS on log screen via unsanitized request loggingEPSS 0.3%CVE-2024-41954MEDIUMFOG Weak file permissionsEPSS 0.3%CVE-2024-39916MEDIUMNFS server misconfiguration allows file access outside the exported directoryEPSS 0.3%CVE-2026-33739MEDIUMFOG has Stored XSS in Multiple Management PagesEPSS 0.2%