Automad
by Automad
CVEs (10)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-45332 | | High | 0.49 | 7.5 | 0.00 | | May 28, 2026 | Automad is a flat-file content management system and template engine. From 2.0.0-alpha.1 to 2.0.0-beta.27, a Broken Access Control vulnerability allows an unauthenticated attacker to retrieve the bcrypt password hash of every administrator account with a single POST request. The… |
| CVE-2023-7035 | | Low | 0.16 | 2.4 | 0.01 | | Dec 21, 2023 | A vulnerability was found in automad up to 1.10.9 and classified as problematic. Affected by this issue is some unknown functionality of the file packages\standard\templates\post.php of the component Setting Handler. The manipulation of the argument sitename leads to cross site… |
| CVE-2025-46070 | | | 0.00 | — | 0.00 | | Jan 12, 2026 | An issue in Automai BotManager v.25.2.0 allows a remote attacker to execute arbitrary code via the BotManager.exe component |
| CVE-2024-40111 | | | 0.00 | — | 0.01 | | Aug 23, 2024 | A persistent (stored) cross-site scripting (XSS) vulnerability has been identified in Automad 2.0.0-alpha.4. This vulnerability enables an attacker to inject malicious JavaScript code into the template body. The injected code is stored within the flat file CMS and is executed in… |
| CVE-2024-40400 | | | 0.00 | — | 0.01 | | Jul 19, 2024 | An arbitrary file upload vulnerability in the image upload function of Automad v2.0.0 allows attackers to execute arbitrary code via a crafted file. |
| CVE-2023-7038 | | | 0.00 | — | 0.00 | | Dec 21, 2023 | A vulnerability was found in automad up to 1.10.9. It has been rated as problematic. This issue affects some unknown processing of the file /dashboard?controller=UserCollection::createUser of the component User Creation Handler. The manipulation leads to cross-site request… |
| CVE-2023-7037 | | | 0.00 | — | 0.01 | | Dec 21, 2023 | A vulnerability was found in automad up to 1.10.9. It has been declared as critical. This vulnerability affects the function import of the file FileController.php. The manipulation of the argument importUrl leads to server-side request forgery. The attack can be initiated… |
| CVE-2023-7036 | | | 0.00 | — | 0.01 | | Dec 21, 2023 | A vulnerability was found in automad up to 1.10.9. It has been classified as problematic. This affects the function upload of the file FileCollectionController.php of the component Content Type Handler. The manipulation leads to unrestricted upload. It is possible to initiate… |
| CVE-2021-37502 | | | 0.00 | — | 0.01 | | Feb 3, 2023 | Cross Site Scripting (XSS) vulnerability in automad 1.7.5 allows remote attackers to run arbitrary code via the user name field when adding a user. |
| CVE-2022-1536 | | | 0.00 | — | 0.01 | | Apr 29, 2022 | A vulnerability has been found in automad up to 1.10.9 and classified as problematic. This vulnerability affects the Dashboard. The manipulation of the argument title with the input Home leads to a cross site scripting. The attack can… |