PT-2024-22859 · Unknown · Volmarg Personal Management System

Bruno Menna · Published 2024-07-05 · Updated 2024-07-09 · CVE-2024-29319

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Volmarg Personal Management System version 1.4.64

Description

The Volmarg Personal Management System is vulnerable to Server-Side Request Forgery (SSRF) via upload of an SVG file. This allows the server to make unintended HTTP and DNS requests to a server controlled by the attacker.

Recommendations

For version 1.4.64, consider disabling the SVG file upload feature until a patch is available, to prevent unintended HTTP and DNS requests. Restrict access to the affected module to minimize the risk of exploitation. Avoid using the vulnerable feature in the affected system until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
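
One way to enforce the recommendation to disable SVG upload, shown as an added example that is not part of the advisory or of the project's own code: a gate that refuses SVG by content as well as by file name, so a renamed, gzip-compressed or UTF-16 encoded SVG is also rejected. The function names, the scan cap and the sample bytes are assumptions constructed for illustration.

```python
import re
import zlib

MAX_SCAN = 1 << 20  # assumed cap on inspected bytes; also bounds gzip expansion
# <svg ...> or <prefix:svg ...> start tag; case-insensitive so the gate fails closed
SVG_TAG = re.compile(rb"<(?:[\w.-]+:)?svg[\s/>]", re.I)


def normalized_head(data: bytes) -> bytes:
    """Return up to MAX_SCAN bytes of the upload, gunzipped and as UTF-8."""
    if data[:2] == b"\x1f\x8b":  # gzip magic: compressed SVG (.svgz)
        try:
            data = zlib.decompressobj(wbits=31).decompress(data, MAX_SCAN)
        except zlib.error:
            return b""  # not a readable gzip stream, nothing to scan
    data = data[:MAX_SCAN]
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):  # UTF-16 byte order mark
        data = data.decode("utf-16", errors="ignore").encode("utf-8")
    return data


def is_svg_upload(data: bytes) -> bool:
    """True if the content carries an SVG start tag, whatever its name or MIME type."""
    return SVG_TAG.search(normalized_head(data)) is not None


def accept_upload(filename: str, data: bytes) -> bool:
    """Upload gate: refuse SVG by extension and by content."""
    if filename.lower().endswith((".svg", ".svgz")):
        return False
    return not is_svg_upload(data)


# Constructed sample inputs (not taken from the advisory).
SAMPLE_SVG = b'<?xml version="1.0"?>\n<svg xmlns="http://www.w3.org/2000/svg" width="1" height="1"/>'
_gz = zlib.compressobj(wbits=31)
SAMPLE_SVGZ = _gz.compress(SAMPLE_SVG) + _gz.flush()
SAMPLE_UTF16 = SAMPLE_SVG.decode("ascii").encode("utf-16")
SAMPLE_PNG = b"\x89PNG\r\n\x1a\n" + bytes(16)

if __name__ == "__main__":
    for name, blob in [("avatar.png", SAMPLE_SVG), ("avatar.png", SAMPLE_SVGZ),
                       ("notes.txt", SAMPLE_UTF16), ("photo.png", SAMPLE_PNG)]:
        print(name, "accepted" if accept_upload(name, blob) else "rejected")
```

The check is deliberately conservative: any upload containing an SVG start tag in the scanned range is refused, including HTML with inline SVG.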

Exploit

SSRF

Weakness Enumeration

Related Identifiers: CVE-2024-29319

Affected Products: Volmarg Personal Management System