EchoSl0w/Research

Releases0

For publishing my CVEs

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2024-46624 ↗	Dec 3, 2024Tuesday, 3 December 2024, 23:15	8.8 HIGH	—
An issue in InfoDom Performa 365 v4.0.1 allows authenticated attackers to elevate their privileges to Administrator via a crafted payload sent to /api/users.
CVE-2024-46625 ↗	Dec 3, 2024Tuesday, 3 December 2024, 22:15	8.8 HIGH	—
An authenticated arbitrary file upload vulnerability in the /documentCache/upload endpoint of InfoDom Performa 365 v4.0.1 allows attackers to execute arbitrary code via uploading a crafted SVG file.