Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

FOGProject — Vulnerabilities & Security Advisories 13

Browse all 13 CVE security advisories affecting FOGProject. AI-powered Chinese analysis, POCs, and references for each vulnerability.

FOGProject is an open-source computer imaging solution primarily used for network-based deployment of operating systems across multiple machines. Historically, the project has faced vulnerabilities including remote code execution, cross-site scripting, and privilege escalation flaws, with 13 CVEs documented to date. Security researchers have identified authentication bypass issues and insecure default configurations in various versions. While no major public security incidents have been widely reported, the persistent presence of multiple CVEs suggests ongoing challenges in secure coding practices, particularly in web interface components and deployment mechanisms.

Top products by FOGProject: fogproject
CVE IDTitleCVSSSeverityPublished
CVE-2026-33739 FOG has Stored XSS in Multiple Management Pages — fogprojectCWE-79 5.7 Medium2026-03-27
CVE-2026-24138 FOG vulnerable to unauthenticated SSRF via `/fog/service/getversion.php` — fogprojectCWE-918 7.5 High2026-01-23
CVE-2025-58443 FOG's authentication bypass leads to full SQL DB dump — fogprojectCWE-306 9.8AICriticalAI2025-09-06
CVE-2024-42349 FOG has a Log Information Disclosure — fogprojectCWE-532 5.3 Medium2024-08-02
CVE-2024-42348 FOG leaks sensitive information (AD domain, username and password) — fogprojectCWE-77 9.3 Critical2024-08-02
CVE-2024-41954 FOG Weak file permissions — fogprojectCWE-732 5.3 Medium2024-07-31
CVE-2024-41108 FOG Sensitive Information Disclosure — fogprojectCWE-200 7.5 High2024-07-31
CVE-2024-40645 FOG Authenticated File Upload RCE — fogprojectCWE-434 8.8 High2024-07-31
CVE-2024-39916 NFS server misconfiguration allows file access outside the exported directory — fogprojectCWE-453 6.4 Medium2024-07-12
CVE-2024-39914 FOG has a command injection in /fog/management/export.php?filename= — fogprojectCWE-77 9.8 Critical2024-07-12
CVE-2023-46237 FOG path traversal via unauthenticated endpoint — fogprojectCWE-22 5.8 Medium2023-10-31
CVE-2023-46236 FOG SSRF via unauthenticated endpoint(s) — fogprojectCWE-918 8.6 High2023-10-31
CVE-2023-46235 FOG stored XSS on log screen via unsanitized request logging — fogprojectCWE-79 5.4 Medium2023-10-31

This page lists every published CVE security advisory associated with FOGProject. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.