CVE-2024-40400

Name of the Vulnerable Software and Affected Versions Automad version 2.0.0

Description An arbitrary file upload vulnerability in the image upload function allows attackers to execute arbitrary code via a crafted file. The malicious file has to be prepared and uploaded manually by the admin, typically the site owner.

Recommendations For Automad version 2.0.0, as a temporary workaround, consider disabling the image upload function until a patch is available. Restrict access to the image upload module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.