Exploit for FOG Project < 1.5.10.34 - Remote Command Execution (CVE-2024-39914)

Description:

FOG is a cloning/imaging/rescue suite/inventory management system. Prior to 1.5.10.34, packages/web/lib/fog/reportmaker.class.php in FOG was affected by a command injection via the filename parameter to /fog/management/export.php.
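The injection point named above can be hunted for in web server access logs. The following is an added example (not from the original page or the FOG Project) that scans common/combined-format log lines for requests to the export endpoint whose `filename` value contains characters outside a conservative allowlist. It assumes the parameter appears in the logged query string and that legitimate export names use only letters, digits, spaces, dots, underscores and hyphens; the log lines are constructed.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Common/combined log format: src ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# Assumption: legitimate export names need only these characters.
SAFE_NAME = re.compile(r"[A-Za-z0-9 ._-]*")
# Suffix match so installs under a path other than /fog/ are covered too.
ENDPOINT_SUFFIX = "/management/export.php"


def suspicious_filename(target):
    """Return the decoded filename value if it breaks the allowlist, else None."""
    parts = urlsplit(target)
    if not unquote(parts.path).lower().endswith(ENDPOINT_SUFFIX):
        return None
    # parse_qs percent-decodes each value once.
    for value in parse_qs(parts.query, keep_blank_values=True).get("filename", []):
        if not SAFE_NAME.fullmatch(value):
            return value
    return None


def scan(lines):
    """Return one record per log line that targets the endpoint with an unsafe name."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line in the expected format
        value = suspicious_filename(m.group("target"))
        if value is not None:
            hits.append({"src": m.group("src"), "time": m.group("ts"),
                         "status": int(m.group("status")), "filename": value})
    return hits


# Constructed sample lines (documentation IP ranges, placeholder values).
SAMPLE_LOG = [
    '198.51.100.7 - - [12/Jul/2024:10:01:02 +0000] "POST /fog/management/export.php?filename=Host+List HTTP/1.1" 200 512',
    '203.0.113.9 - - [12/Jul/2024:10:05:40 +0000] "POST /fog/management/export.php?filename=x%7CPLACEHOLDER HTTP/1.1" 200 0',
    '203.0.113.9 - - [12/Jul/2024:10:05:41 +0000] "GET /fog/management/index.php?node=home HTTP/1.1" 200 1024',
    '203.0.113.9 - - [12/Jul/2024:10:05:42 +0000] "POST /fog/management/export.php?filename=a%3Bb HTTP/1.1" 200 0',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A hit only shows that a request with an unexpected `filename` reached the endpoint; whether the host was vulnerable depends on the installed FOG version (fixed in 1.5.10.34).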

Nuclei Template

View the template here: CVE-2024-39914.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2024/CVE-2024-39914.yaml

References:

https://nvd.nist.gov/vuln/detail/CVE-2024-39914
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39914
https://github.com/FOGProject/fogproject/security/advisories/GHSA-7h44-6vq6-cq8j
https://blog.csdn.net/qq_39894062/article/details/140550009