PT-2023-32844 · Automad · Automad

Maland · Published 2023-12-21 · Updated 2024-05-17 · CVE-2023-7036

CVSS v2.0: 5.8 (Medium)
Vector: AV:N/AC:L/Au:M/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: Automad, versions up to and including 1.10.9
Description: A vulnerability was found in the upload function of the file FileCollectionController.php in the Content Type Handler component. Uploaded files are not adequately restricted by type, so an attacker can upload files of arbitrary type (unrestricted file upload). The attack can be launched remotely; the CVSS vector (Au:M) indicates that authentication is required. A public exploit has been disclosed. The vendor was contacted early about this disclosure but did not respond in any way.
Recommendations: No version containing a fix for this vulnerability was known at the time of writing. For versions up to 1.10.9, as temporary workarounds: disable the upload function of FileCollectionController.php until a patch is available; restrict access to the Content Type Handler component and, since exploitation requires authentication, keep the set of accounts that can reach it as small as possible. As general hardening that does not depend on the product, configure the web server so that it neither executes server-side scripts nor honours per-directory configuration overrides in the directories where uploaded files are stored, and review those directories for files that are not of an expected type.
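As an added example for operators running an affected version (this script is not Automad's code and is not part of the original advisory), the following Python hunt script walks an upload directory and reports files that would turn an unrestricted upload into code execution or stored XSS: server-executable extensions, double extensions such as x.php.jpg, per-directory server configuration overrides, image extensions whose magic bytes disagree with the declared type, and script or PHP tags inside the content. The directory layout, the extension lists and the sample files it plants are assumptions for illustration; tune the extension sets to the handlers your web server actually has enabled.

```python
#!/usr/bin/env python3
"""Hunt an upload directory for files that abuse an unrestricted upload.

Added example for this advisory, not Automad's own code. Every path,
extension list and sample file below is an assumption for illustration.
"""
from __future__ import annotations

import json
import re
import sys
import tempfile
from pathlib import Path

# Extensions a typical PHP host executes server-side (tune to your handlers).
EXECUTABLE_EXT = {"php", "php3", "php4", "php5", "php7", "phtml", "phar", "phps"}
# Extensions a browser renders as active content, enough for stored XSS.
ACTIVE_CONTENT_EXT = {"html", "htm", "xhtml", "svg", "js"}
# Per-directory server overrides that can re-enable script execution.
CONFIG_OVERRIDES = {".htaccess", ".user.ini"}
# Magic bytes for image types an upload feature usually accepts.
IMAGE_MAGIC = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
    "jpeg": b"\xff\xd8\xff",
    "gif": b"GIF8",
}
# Markers of embedded script or PHP code (false positives are acceptable in a hunt).
SCRIPT_RE = re.compile(rb"<script|<\?php|javascript:|onload\s*=", re.IGNORECASE)


def classify(path: Path) -> list[str]:
    """Return the reasons `path` looks dangerous; an empty list means clean."""
    reasons = []
    name = path.name.lower()
    if name in CONFIG_OVERRIDES:
        reasons.append("server configuration override file")
    exts = name.split(".")[1:]          # "x.php.jpg" -> ["php", "jpg"]
    last = exts[-1] if exts else ""
    if last in EXECUTABLE_EXT:
        reasons.append(f"server-executable extension .{last}")
    if any(e in EXECUTABLE_EXT for e in exts[:-1]):
        reasons.append("double extension hiding an executable type")
    if last in ACTIVE_CONTENT_EXT:
        reasons.append(f"active-content extension .{last}")
    try:
        with path.open("rb") as f:
            head = f.read(4096)         # first bytes are enough for magic and tags
    except OSError as exc:
        reasons.append(f"unreadable: {exc}")
        return reasons
    magic = IMAGE_MAGIC.get(last)
    if magic and not head.startswith(magic):
        reasons.append(f"extension .{last} but content is not a {last} image")
    if SCRIPT_RE.search(head):
        reasons.append("embedded script or PHP tag in content")
    return reasons


def scan(root: str) -> dict[str, list[str]]:
    """Walk `root` recursively; map each suspicious file (relative path) to its reasons."""
    root_path = Path(root)
    findings = {}
    for p in sorted(root_path.rglob("*")):
        if p.is_file():
            reasons = classify(p)
            if reasons:
                findings[p.relative_to(root_path).as_posix()] = reasons
    return findings


def build_sample_tree() -> str:
    """Create a constructed upload directory with one clean file and several planted ones."""
    root = tempfile.mkdtemp(prefix="upload-hunt-")
    samples = {
        "logo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,         # genuine PNG header
        "shell.php": b"<?php system($_GET['c']); ?>",             # classic webshell
        "fake.jpg": b"<?php phpinfo(); ?>",                       # PHP disguised as JPEG
        "x.php.jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF",             # real JPEG, double extension
        "evil.svg": b'<svg xmlns="http://www.w3.org/2000/svg" onload="alert(1)"/>',
        ".htaccess": b"AddType application/x-httpd-php .jpg\n",  # re-enables execution
    }
    for name, data in samples.items():
        Path(root, name).write_bytes(data)
    return root


if __name__ == "__main__":
    # Pass the real upload directory as argv[1]; without it the constructed sample tree is scanned.
    target = sys.argv[1] if len(sys.argv) > 1 else build_sample_tree()
    print(json.dumps(scan(target), indent=2))
```

Run it against the directory your CMS writes uploads into; anything it reports should be reviewed by hand, and a hit on an executable extension or a configuration override in a directory that is served by the web server is a strong indicator that the upload weakness has already been used.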

Tags: Exploit · Unrestricted File Upload · XSS

Weakness Enumeration

Related Identifiers

CVE-2023-7036
GHSA-FPPH-MQC8-H6Q5

Affected Products

Automad