How severe is CVE-2023-7036?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.4 out of 10.

What type of vulnerability is CVE-2023-7036?

This is classified as CWE-434, which is a common weakness in software security.

CVE-2023-7036 - MEDIUM Severity | CVSS 5.4

Vulnerability Description

A vulnerability was found in automad up to 1.10.9. It has been classified as problematic. This affects the function upload of the file FileCollectionController.php of the component Content Type Handler. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248685 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Related Vulnerabilities

CVE-2016-2914

MEDIUM

CVSS:5.4(Medium)

Unrestricted file upload vulnerability in the Document Builder in IBM Rational Publishing Engine (aka RPENG) 2.0.1 before ifix002 allows remote authenticated users to execute arbitrary code by specify...

CWE-4342016

CVE-2019-19493

MEDIUM

CVSS:5.4(Medium)

Kentico before 12.0.50 allows file uploads in which the Content-Type header is inconsistent with the file extension, leading to XSS.

CWE-4342019

CVE-2019-6513

MEDIUM

CVSS:5.4(Medium)

An issue was discovered in WSO2 API Manager 2.6.0. It is possible for a logged-in user to upload, as API documentation, any type of file by changing the extension to an allowed one.

CWE-4342019

CVE-2020-26828

MEDIUM

CVSS:5.4(Medium)

SAP Disclosure Management, version - 10.1, provides capabilities for authorized users to upload and download content of specific file type. In some file types it is possible to enter formulas which ca...

CWE-4342020

CVE-2020-2730

MEDIUM

CVSS:5.4(Medium)

Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications (component: File Upload). Supported versions that are affected are 2.7.0...

CWE-4342020

CVE-2021-24960

MEDIUM

CVSS:5.4(Medium)

The WordPress File Upload WordPress plugin before 4.16.3, wordpress-file-upload-pro WordPress plugin before 4.16.3 allows users with a role as low as Contributor to configure the upload form in a way ...

CWE-4342021