Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
FOG path traversal via unauthenticated endpoint
Vulnerability Description
FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Prior to version 1.5.10, an endpoint intended to offer limited enumeration abilities to authenticated users was accessible to unauthenticated users. This enabled unauthenticated users to discover files and their respective paths that were visible to the Apache user group. Version 1.5.10 contains a patch for this issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
FOGProject 路径遍历漏洞
Vulnerability Description
FOGProject是一个免费的开源网络计算机克隆和管理解决方案。可用于部署和管理任何桌面操作系统。 FOGProject 1.5.10之前版本存在路径遍历漏洞,该漏洞源于向经过身份验证的用户提供有限枚举能力的端点可供未经身份验证的用户访问,攻击者利用该漏洞可以发现 Apache 用户组的文件及其各自的路径。
CVSS Information
N/A
Vulnerability Type
N/A