CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-9185
https://notcve.org/view.php?id=CVE-2019-9185
Controller/Async/FilesystemManager.php in the filemanager in Bolt before 3.6.5 allows remote attackers to execute arbitrary PHP code by renaming a previously uploaded file to have a .php extension. Controller/Async/FilesystemManager.php en el gestor de archivos en Bolt, en versiones 3.6.5 y anteriores, permite a los atacantes remotos ejecutar código PHP arbitrario renombrando un archivo previamente subido para que tenga una extensión .php. • https://github.com/bolt/bolt/blob/v3.6.5/changelog.md https://github.com/bolt/bolt/pull/7745 https://github.com/bolt/bolt/releases/tag/v3.6.5 https://www.hacksecproject.com/?p=293 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2019-9553 – Bolt CMS 3.6.4 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-9553
Bolt 3.6.4 has XSS via the slug, teaser, or title parameter to editcontent/pages, a related issue to CVE-2017-11128 and CVE-2018-19933. Bolt versión 3.6.4, tiene una vulnerabilidad de tipo XSS por medio del parámetro slug, teaser o title en el archivo editcontent/pages, un problema relacionado con CVE-2017-11128 y CVE-2018-19933. Bold CMS version 3.6.4 suffers from a cross site scripting vulnerability. • https://www.exploit-db.com/exploits/46495 https://packetstormsecurity.com/files/151943/Bold-CMS-3.6.4-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-16754
https://notcve.org/view.php?id=CVE-2017-16754
Bolt before 3.3.6 does not properly restrict access to _profiler routes, related to EventListener/ProfilerListener.php and Provider/EventListenerServiceProvider.php. Bolt en versiones anteriores a la 3.3.6 no restringe correctamente el acceso a rutas _profiler. Esto está relacionado con EventListener/ProfilerListener.php y Provider/EventListenerServiceProvider.php. • http://www.securityfocus.com/bid/101777 https://github.com/bolt/bolt/commit/aa21787241945457a2e4abc8b079672935fe0840 https://github.com/bolt/bolt/releases/tag/v3.3.6 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 6.5EPSS: 29%CPEs: 1EXPL: 6CVE-2015-7309 – CMS Bolt File Upload Vulnerability
https://notcve.org/view.php?id=CVE-2015-7309
The theme editor in Bolt before 2.2.5 does not check the file extension when renaming files, which allows remote authenticated users to execute arbitrary code by renaming a crafted file and then directly accessing it. Vulnerabilidad en el editor de temas en Bolt en versiones anteriores a 2.2.5, no comprueba la extensión de archivo al renombrar archivos, lo que permite a usuarios remotos autenticados ejecutar código arbitrario mediante el renombrado de un archivo manipulado y accediendo entonces a este directamente. • https://www.exploit-db.com/exploits/38196 http://blog.curesec.com/article/blog/Bolt-224-Code-Execution-44.html http://packetstormsecurity.com/files/133539/CMS-Bolt-2.2.4-File-Upload.html http://seclists.org/fulldisclosure/2015/Aug/66 http://www.rapid7.com/db/modules/exploit/multi/http/bolt_file_upload https://bolt.cm/newsitem/bolt-2-2-5-released https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/bolt_file_upload.rb • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •