8.8

CVE-2024-40400

Exploit
An arbitrary file upload vulnerability in the image upload function of Automad v2.0.0 allows attackers to execute arbitrary code via a crafted file.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AutomadAutomad Version <= 1.10.9
AutomadAutomad Version2.0.0 Updatealpha1
AutomadAutomad Version2.0.0 Updatealpha2
AutomadAutomad Version2.0.0 Updatealpha3
AutomadAutomad Version2.0.0 Updatealpha4
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.81% 0.522
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

https://github.com/marcantondahmen/automad/issues/106
Vendor Advisory
Exploit
Issue Tracking