CVE-2020-4040 – CSRF issue on preview pages in Bolt CMS
https://notcve.org/view.php?id=CVE-2020-4040
Bolt CMS before version 3.7.1 lacked CSRF protection in the preview generating endpoint. Previews are intended to be generated by the admins, developers, chief-editors, and editors, who are authorized to create content in the application. But due to lack of proper CSRF protection, unauthorized users could generate a preview. This has been fixed in Bolt 3.7.1.
• https://github.com/jpvispo/RCE-Exploit-Bolt-3.7.0-CVE-2020-4040-4041
• http://packetstormsecurity.com/files/158299/Bolt-CMS-3.7.0-XSS-CSRF-Shell-Upload.html
• http://seclists.org/fulldisclosure/2020/Jul/4
• https://github.com/bolt/bolt/commit/b42cbfcf3e3108c46a80581216ba03ef449e419f
• https://github.com/bolt/bolt/pull/7853
• https://github.com/bolt/bolt/security/advisories/GHSA-2q66-6cc3-6xm8
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2019-15485
https://notcve.org/view.php?id=CVE-2019-15485
Bolt before 3.6.10 has XSS via createFolder or createFile in Controller/Async/FilesystemManager.php.
• https://github.com/bolt/bolt/pull/7800
• https://github.com/bolt/bolt/releases/tag/v3.6.10
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-15484
https://notcve.org/view.php?id=CVE-2019-15484
Bolt before 3.6.10 has XSS via an image's alt or title field.
• https://github.com/bolt/bolt/pull/7801
• https://github.com/bolt/bolt/releases/tag/v3.6.10
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-15483
https://notcve.org/view.php?id=CVE-2019-15483
Bolt before 3.6.10 has XSS via a title that is mishandled in the system log.
• https://github.com/bolt/bolt/pull/7802
• https://github.com/bolt/bolt/releases/tag/v3.6.10
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-9185
https://notcve.org/view.php?id=CVE-2019-9185
Controller/Async/FilesystemManager.php in the filemanager in Bolt before 3.6.5 allows remote attackers to execute arbitrary PHP code by renaming a previously uploaded file to have a .php extension.
• https://github.com/bolt/bolt/blob/v3.6.5/changelog.md
• https://github.com/bolt/bolt/pull/7745
• https://github.com/bolt/bolt/releases/tag/v3.6.5
• https://www.hacksecproject.com/?p=293
• CWE-434: Unrestricted Upload of File with Dangerous Type