
Automad arbitrary file upload vulnerability

Moderate severity GitHub Reviewed Published Jul 19, 2024 to the GitHub Advisory Database • Updated Aug 19, 2024

Package

composer automad/automad (Composer)

Affected versions

< 2.0.0-alpha.5

Patched versions

2.0.0-alpha.5

Description

An arbitrary file upload vulnerability in the image upload function of Automad (versions before 2.0.0-alpha.5) allows an authenticated attacker to execute arbitrary code on the server by uploading a crafted file through the image upload feature.

Exploitation requires the malicious file to be prepared and uploaded manually by an admin user. A site usually has only one admin, the owner, so in practice the bug lets an admin escalate from dashboard access to code execution on the host rather than giving unauthenticated users a way in; that limited exposure is why the advisory is rated Moderate.
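The advisory does not show the affected code, so the following is an added illustration of the vulnerability class (CWE-434, unrestricted upload of a file with dangerous type) in an image upload handler, not Automad's code and not its patch. The first function shows the pattern that makes "arbitrary code via a crafted file" possible: trusting the client-supplied MIME type and filename. The second shows the checks a hardened handler performs. The function names, the `MAX_IMAGE_BYTES` limit and the `$upload` array shape (one `$_FILES` entry) are assumptions for the example.

```php
<?php
declare(strict_types=1);

// Added example illustrating the CWE-434 pattern behind an arbitrary file
// upload in an image upload handler. Not Automad's code. The $upload array has
// the shape of one $_FILES entry; function names and the size limit are assumed.

// Vulnerable pattern: trusts the client-supplied Content-Type and filename.
// A request that declares "image/png" but carries "shell.php" passes the check,
// keeps its .php extension, and is stored where the web server will execute it.
function saveImageVulnerable(array $upload, string $webRoot): string
{
    if (strpos($upload['type'], 'image/') !== 0) {      // $upload['type'] is attacker-controlled
        throw new RuntimeException('not an image');
    }
    $dest = $webRoot . '/' . basename($upload['name']);  // attacker picks the extension
    if (!move_uploaded_file($upload['tmp_name'], $dest)) {
        throw new RuntimeException('move failed');
    }
    return $dest;
}

// Hardened pattern:
//   1. derive the type from the file bytes, never from the request;
//   2. allow-list types and map the extension from the detected type;
//   3. require that the file actually decodes as an image;
//   4. re-encode PNG/JPEG through GD so data appended after the image (the
//      usual "valid PNG + <?php ... ?>" polyglot) is discarded;
//   5. store under a server-generated name in a directory that the web
//      server is not configured to execute scripts from.
const ALLOWED_IMAGE_TYPES = [
    'image/png'  => 'png',
    'image/jpeg' => 'jpg',
    'image/gif'  => 'gif',
    'image/webp' => 'webp',
];
const MAX_IMAGE_BYTES = 10 * 1024 * 1024;   // assumed limit for the example

function saveImageHardened(array $upload, string $uploadDir): string
{
    if (($upload['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($upload['tmp_name'])) {
        throw new RuntimeException('not a valid upload');
    }
    if ($upload['size'] <= 0 || $upload['size'] > MAX_IMAGE_BYTES) {
        throw new RuntimeException('bad size');
    }

    // Magic-byte sniffing; finfo ignores the filename and the declared type.
    $detected = (new finfo(FILEINFO_MIME_TYPE))->file($upload['tmp_name']);
    if (!isset(ALLOWED_IMAGE_TYPES[$detected])) {
        throw new RuntimeException('disallowed content type: ' . $detected);
    }

    // getimagesize must agree with finfo: rejects files whose magic bytes say
    // PNG but whose body is not a decodable image.
    $info = @getimagesize($upload['tmp_name']);
    if ($info === false || $info['mime'] !== $detected) {
        throw new RuntimeException('file does not decode as ' . $detected);
    }

    // Server-chosen name; the extension comes from the detected type only.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED_IMAGE_TYPES[$detected];
    $dest = rtrim($uploadDir, '/') . '/' . $name;

    if ($detected === 'image/png' || $detected === 'image/jpeg') {
        // Re-encode: only the decoded pixels reach disk, trailing bytes do not.
        $img = @imagecreatefromstring((string) file_get_contents($upload['tmp_name']));
        if ($img === false) {
            throw new RuntimeException('GD could not decode the image');
        }
        $ok = $detected === 'image/png' ? imagepng($img, $dest) : imagejpeg($img, $dest, 90);
        imagedestroy($img);
        if (!$ok) {
            throw new RuntimeException('re-encode failed');
        }
    } elseif (!move_uploaded_file($upload['tmp_name'], $dest)) {
        throw new RuntimeException('move failed');
    }
    chmod($dest, 0644);   // readable, never executable
    return $dest;
}

// Usage from an admin-only, CSRF-protected request handler:
// $path = saveImageHardened($_FILES['image'], '/var/www/site/uploads');
```

The content checks reduce what an admin can smuggle through the image endpoint, but the last line of defence is the web server: the upload directory should be served as static files with script execution turned off (for example `php_admin_flag engine off` in an Apache directory block, or an Nginx `location` for the upload path that has no `fastcgi_pass`), so that even a file that defeats every check above is returned as bytes rather than run.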

References

Published by the National Vulnerability Database Jul 19, 2024
Published to the GitHub Advisory Database Jul 19, 2024
Reviewed Jul 19, 2024
Last updated Aug 19, 2024

Severity

Moderate

EPSS score

0.043%
(10th percentile)

Weaknesses

CVE ID

CVE-2024-40400

GHSA ID

GHSA-47mc-qmh2-mqj4

Credits
