cve/2024/CVE-2024-39914.md

### [CVE-2024-39914](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39914)
![](https://img.shields.io/static/v1?label=Product&message=fogproject&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%201.5.10.34%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-77%3A%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20a%20Command%20('Command%20Injection')&color=brighgreen)

### Description

FOG is a cloning/imaging/rescue suite/inventory management system. Prior to 1.5.10.34, packages/web/lib/fog/reportmaker.class.php in FOG was affected by a command injection via the filename parameter to /fog/management/export.php. This vulnerability is fixed in 1.5.10.34.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/wy876/POC
- https://github.com/wy876/wiki
Update CVE sources 2024-07-25 21:25 2024-07-25 21:25:12 +00:00			`### [CVE-2024-39914](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39914)`
			`![](https://img.shields.io/static/v1?label=Product&message=fogproject&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%201.5.10.34%20&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-77%3A%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20a%20Command%20('Command%20Injection')&color=brighgreen)`

			`### Description`

			`FOG is a cloning/imaging/rescue suite/inventory management system. Prior to 1.5.10.34, packages/web/lib/fog/reportmaker.class.php in FOG was affected by a command injection via the filename parameter to /fog/management/export.php. This vulnerability is fixed in 1.5.10.34.`

			`### POC`

			`#### Reference`
			`No PoCs from references.`

			`#### Github`
			`- https://github.com/wy876/POC`
			`- https://github.com/wy876/wiki`