CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-16754
https://notcve.org/view.php?id=CVE-2017-16754
Bolt before 3.3.6 does not properly restrict access to _profiler routes, related to EventListener/ProfilerListener.php and Provider/EventListenerServiceProvider.php. Bolt en versiones anteriores a la 3.3.6 no restringe correctamente el acceso a rutas _profiler. Esto está relacionado con EventListener/ProfilerListener.php y Provider/EventListenerServiceProvider.php. • http://www.securityfocus.com/bid/101777 https://github.com/bolt/bolt/commit/aa21787241945457a2e4abc8b079672935fe0840 https://github.com/bolt/bolt/releases/tag/v3.3.6 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 6.5EPSS: 29%CPEs: 1EXPL: 6CVE-2015-7309 – CMS Bolt File Upload Vulnerability
https://notcve.org/view.php?id=CVE-2015-7309
The theme editor in Bolt before 2.2.5 does not check the file extension when renaming files, which allows remote authenticated users to execute arbitrary code by renaming a crafted file and then directly accessing it. Vulnerabilidad en el editor de temas en Bolt en versiones anteriores a 2.2.5, no comprueba la extensión de archivo al renombrar archivos, lo que permite a usuarios remotos autenticados ejecutar código arbitrario mediante el renombrado de un archivo manipulado y accediendo entonces a este directamente. • https://www.exploit-db.com/exploits/38196 http://blog.curesec.com/article/blog/Bolt-224-Code-Execution-44.html http://packetstormsecurity.com/files/133539/CMS-Bolt-2.2.4-File-Upload.html http://seclists.org/fulldisclosure/2015/Aug/66 http://www.rapid7.com/db/modules/exploit/multi/http/bolt_file_upload https://bolt.cm/newsitem/bolt-2-2-5-released https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/bolt_file_upload.rb • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •