Ahsentekdo

**Name of the Vulnerable Software and Affected Versions** Automad version 2.0.0 **Description** An arbitrary file upload vulnerability in the image upload function allows attackers to execute arbitrary code via a crafted file. The malicious file has to be prepared and uploaded manually by the admin, typically the site owner. **Recommendations** For Automad version 2.0.0, as a temporary workaround, consider disabling the image upload function until a patch is available. Restrict access to the image upload module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.