Home > Vulnerability Database > CVE-2023-46237

Mend.io Vulnerability Database

CVE-2023-46237

Date: October 31, 2023

FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Prior to version 1.5.10, an endpoint intended to offer limited enumeration abilities to authenticated users was accessible to unauthenticated users. This enabled unauthenticated users to discover files and their respective paths that were visible to the Apache user group. Version 1.5.10 contains a patch for this issue.

Language: PHP

Severity Score

5.8

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-46237

Url: https://github.com/FOGProject/fogproject/commit/68d73740d7d40aee77cfda3fb8199d58bf04f48b

Url: https://github.com/FOGProject/fogproject/security/advisories/GHSA-ffp9-rhfm-98c2

Url: https://www.mend.io/vulnerability-database/CVE-2023-46237

Severity Score

5.8

Weakness Type (CWE)

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-22

CVSS v3.1

Base Score:	5.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-46237

Date: October 31, 2023

Language: PHP

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?