Echosl0W

**Name of the Vulnerable Software and Affected Versions** InfoDom Performa 365 version 4.0.1 **Description** An issue in InfoDom Performa 365 allows authenticated attackers to elevate their privileges to Administrator via a crafted payload sent to "/api/users". **Recommendations** For version 4.0.1, consider restricting access to the "/api/users" endpoint until a patch is available. As a temporary workaround, review and limit user privileges to prevent potential exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** InfoDom Performa 365 version 4.0.1 **Description** The issue is related to an authenticated arbitrary file upload vulnerability in the "/documentCache/upload" endpoint. This allows attackers to execute arbitrary code by uploading a crafted SVG file. There is no information provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** For InfoDom Performa 365 version 4.0.1, consider disabling the "/documentCache/upload" endpoint until a patch is available to prevent exploitation. Additionally, restrict the upload of SVG files in this endpoint to minimize the risk. At the moment, there is no information about a newer version that contains a fix for this vulnerability.