Volmarg Personal Management System Vulnerable to SSRF via SVG File Upload
CVE-2024-29319

9.8 CRITICAL

Key Information:

Vendor: Volmarg
CVE Published: 5 July 2024

What is CVE-2024-29319?

The Volmarg Personal Management System version 1.4.64 is susceptible to a Server-Side Request Forgery (SSRF) vulnerability due to improper handling of SVG file uploads. This flaw allows attackers to manipulate the server into making arbitrary HTTP and DNS requests to external systems under their control. Such exploitation can lead to data leakage, access to internal services, and further escalation of attacks.
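A defensive upload check for this class of flaw, as an added example (not Volmarg's code or its fix): it rejects an SVG that contains anything a server-side renderer could fetch. The advisory does not say which SVG construct triggers the request, so the check covers the general case; the function names, attribute list and sample files are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

URL_ATTRS = {"href", "src"}  # assumption: URL-bearing attributes worth checking
CSS_URL = re.compile(r"url\(\s*['\"]?\s*([^'\")\s]+)", re.I)
CSS_IMPORT = re.compile(r"@import\s+['\"]([^'\"]+)", re.I)
# Constructs that are refused outright, before any XML parser sees the file.
PROLOG = re.compile(rb"<!\s*(DOCTYPE|ENTITY)|<\?xml-stylesheet", re.I)
INLINE_IMAGE = re.compile(r"data:image/(png|jpeg|gif)[;,]", re.I)


def is_local(ref: str) -> bool:
    """True for same-document fragments (#id) and inline raster data: URIs."""
    ref = ref.strip()
    return ref.startswith("#") or bool(INLINE_IMAGE.match(ref))


def external_refs(svg: bytes) -> list[str]:
    """List what could make a server-side SVG renderer fetch a resource."""
    if b"\x00" in svg or PROLOG.search(svg):
        return ["refused: DTD, stylesheet PI or NUL byte"]
    try:
        root = ET.fromstring(svg)
    except ET.ParseError:
        return ["refused: not well-formed XML"]
    found = []
    for el in root.iter():
        tag = el.tag.rsplit("}", 1)[-1]  # drop the namespace
        for name, value in el.attrib.items():
            attr = name.rsplit("}", 1)[-1]  # xlink:href -> href
            refs = [value] if attr in URL_ATTRS else CSS_URL.findall(value)
            found += [f"<{tag}> {attr}: {r}" for r in refs if not is_local(r)]
        if tag == "style" and el.text:
            refs = CSS_URL.findall(el.text) + CSS_IMPORT.findall(el.text)
            found += [f"<style>: {r}" for r in refs if not is_local(r)]
    return found


# Constructed samples; collector.example.test is a placeholder host.
REMOTE = b"""<svg xmlns="http://www.w3.org/2000/svg"
  xmlns:xlink="http://www.w3.org/1999/xlink">
  <image xlink:href="http://collector.example.test/p.png" width="1" height="1"/>
  <rect style="fill:url(#g)" width="1" height="1"/>
</svg>"""
LOCAL = b"""<svg xmlns="http://www.w3.org/2000/svg">
  <rect fill="url(#g)" width="1" height="1"/>
</svg>"""
```

An upload handler would store or render the file only when `external_refs` returns an empty list. Blocking outbound requests from the rendering process at the network layer covers anything such a content check misses.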

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
