


Perceptive Security
SOC/SIEM Consultancy

FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Versions 1.5.10.1754 and below contain an unauthenticated SSRF vulnerability…
Published:
22 January 2026 at 23:00:00
Alert date:
23 January 2026 at 02:00:55
Source:
nvd.nist.gov
Web Technologies, Network Infrastructure
FOG Project, an open-source cloning/imaging/rescue suite and inventory management system, contains an unauthenticated Server-Side Request Forgery (SSRF) vulnerability in versions 1.5.10.1754 and below. The vulnerability exists in getversion.php and can be triggered through a user-controlled URL parameter. Attackers can exploit this to fetch internal websites and files on the machine running FOG. The vulnerability is accessible without authentication when the request includes newService=1. No fixed release version is available at the time of publication, making this a critical security concern for organizations using affected FOG versions.
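With no fixed release available, web-server access logs are the practical place to look for use of this path. The following triage script is an added example, not code from the FOG Project or the advisory; the log lines, the `/fog/service/` path prefix and the parameter name `param` are constructed placeholders, since the alert does not name the parameter.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Request field of a common/combined-format access log line.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A parameter value that begins with a URI scheme (http:/, https:/, file:/ ...).
SCHEME_RE = re.compile(r"^[a-z][a-z0-9+.\-]*:/", re.IGNORECASE)

# Constructed sample lines (not taken from a real system).
SAMPLE_LOG = [
    '192.0.2.10 - - [23/Jan/2026:02:10:01 +0000] "GET /fog/service/getversion.php'
    '?newService=1&param=http%3A%2F%2Finternal.example%2F HTTP/1.1" 200 512',
    '192.0.2.11 - - [23/Jan/2026:02:11:40 +0000] "GET /fog/service/getversion.php'
    '?newService=1 HTTP/1.1" 200 12',
    '192.0.2.12 - - [23/Jan/2026:02:12:05 +0000] "GET /fog/management/index.php'
    '?node=home HTTP/1.1" 200 4096',
]


def classify(line):
    """Return 'ssrf-candidate', 'unauth-path' or None for one access-log line."""
    match = REQUEST_RE.search(line)
    if not match:
        return None
    target = urlsplit(match.group(1))
    if not target.path.lower().endswith("/getversion.php"):
        return None
    # parse_qsl percent-decodes each value once.
    params = parse_qsl(target.query, keep_blank_values=True)
    if not any(k == "newService" and v == "1" for k, v in params):
        return None  # not the unauthenticated path described in the alert
    for _key, value in params:
        # Decode a second time so double-encoded values are also caught.
        if SCHEME_RE.match(unquote(value).strip()):
            return "ssrf-candidate"
    return "unauth-path"


if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        verdict = classify(entry)
        if verdict:
            print(f"{verdict}: {entry}")
```

Only query strings are inspected, so parameters sent in a POST body will not appear in a standard access log and need request-body logging or a reverse-proxy rule instead.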
Affected products:
FOG Project
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-24138
https://github.com/FOGProject/fogproject/security/advisories/GHSA-79xw-c2qx-g7xj
This article was created with the assistance of AI technology by Perceptive.
