CVE-2024-46625
📋 TL;DR
This vulnerability allows authenticated attackers to upload malicious SVG files to the /documentCache/upload endpoint in InfoDom Performa 365 v4.0.1, leading to arbitrary code execution on the server. Organizations using this specific version of the software are affected. Attackers must have valid credentials to exploit this vulnerability.
💻 Affected Systems
- InfoDom Performa 365
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise with attacker gaining full control over the server, data exfiltration, lateral movement within the network, and persistent backdoor installation.
Likely Case
Attacker uploads web shell or malware to execute commands, potentially leading to data theft, service disruption, or ransomware deployment.
If Mitigated
With proper input validation and file type restrictions, the attack would be blocked at the upload stage with no impact.
🎯 Exploit Status
Requires authenticated access and knowledge of SVG file crafting for code execution.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: v4.0.2 or later
Vendor Advisory: https://www.infodom.com/security-advisory
Restart Required: No
Instructions:
1. Contact InfoDom support for patch v4.0.2 or later. 2. Backup current configuration. 3. Apply the patch following vendor instructions. 4. Test functionality after patching.
🔧 Temporary Workarounds
Block SVG Uploads
allConfigure web application firewall or server rules to block SVG file uploads to the /documentCache/upload endpoint.
Restrict Endpoint Access
allImplement IP whitelisting or network segmentation to limit access to the vulnerable endpoint.
🧯 If You Can't Patch
- Implement strict file upload validation rejecting SVG files
- Deploy web application firewall with rules to detect and block malicious file uploads
🔍 How to Verify
Check if Vulnerable:
Check if system is running InfoDom Performa 365 v4.0.1 and has /documentCache/upload endpoint accessible.Check Version:
Check application admin panel or consult vendor documentation for version information.Verify Fix Applied:
Verify version is v4.0.2 or later and test SVG file uploads are properly rejected.📡 Detection & Monitoring
Log Indicators:
- Unusual SVG file uploads to /documentCache/upload
- Multiple failed upload attempts
- POST requests with SVG content to vulnerable endpoint
Network Indicators:
- HTTP POST requests to /documentCache/upload with SVG files
- Unusual outbound connections after file uploads
SIEM Query:
source="web_server" AND (uri="/documentCache/upload" AND file_extension="svg")