Опубликовано: 19 июл. 2024
Источник: github
Github: Прошло ревью
CVSS4: 8.7
CVSS3: 6.8
Описание
Automad arbitrary file upload vulnerability
An arbitrary file upload vulnerability in the image upload function of Automad v2.0.0 allows attackers to execute arbitrary code via a crafted file.
The malicious file has to be prepared and uploaded manually by the admin. Usually there is only one admin per site and that is the owner.
Пакеты
Наименование
automad/automad
composer
Затронутые версииВерсия исправления
< 2.0.0-alpha.5
2.0.0-alpha.5
Связанные уязвимости
CVSS3: 8.8
nvd
больше 1 года назад
An arbitrary file upload vulnerability in the image upload function of Automad v2.0.0 allows attackers to execute arbitrary code via a crafted file.