Home > Vulnerability Database > CVE-2023-46236

Mend.io Vulnerability Database

CVE-2023-46236

Good to know:

Date: October 31, 2023

FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Prior to version 1.5.10, a server-side-request-forgery (SSRF) vulnerability allowed an unauthenticated user to trigger a GET request as the server to an arbitrary endpoint and URL scheme. This also allows remote access to files visible to the Apache user group. Other impacts vary based on server configuration. Version 1.5.10 contains a patch.

Language: PHP

Severity Score

7.5

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-46236

Url: https://github.com/FOGProject/fogproject/commit/9125f35ff649a3e7fd7771b1c8e5add3c726f763

Url: https://github.com/FOGProject/fogproject/security/advisories/GHSA-8qg4-9363-873h

Url: https://www.mend.io/vulnerability-database/CVE-2023-46236

Severity Score

7.5

Weakness Type (CWE)

Server-Side Request Forgery (SSRF)

CWE-918

Top Fix

Upgrade Version

Upgrade to version 1.5.10

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-46236

Good to know:

Date: October 31, 2023

Language: PHP

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?