Submit #249815: Automad CMS <= 1.10.9 Unrestricted File Uploadinfo

TitleAutomad CMS <= 1.10.9 Unrestricted File Upload
DescriptionDescription: By default, in the config.php files, the application allows upload files containing dangerous types, such as SVG and PDF. The application also not validate the content type, as shown in the code snippets below are associated with the upload method in the FileCollectionController.php file, located at src\UI\Controllers. This issue allow pentester to upload a SVG or PDF file contains malicious content to execute arbitrary JS code which acts as a stored XSS payload.
Source⚠️ https://github.com/screetsec/VDD/tree/main/Automad%20CMS/Unrestricted%20File%20Upload
User
 Maland (UID 59886)
Submission12/09/2023 18:12 (3 years ago)
Moderation12/21/2023 09:19 (12 days later)
StatusAccepted
VulDB entry248685 [automad up to 1.10.9 Content Type FileCollectionController.php upload unrestricted upload]
Points20

Do you want to use VulDB in your project?

Use the official API to access entries easily!