CVE-2019-10874 – Bolt CMS 3.6.6 - Cross-Site Request Forgery / Remote Code Execution
https://notcve.org/view.php?id=CVE-2019-10874
Cross Site Request Forgery (CSRF) in the bolt/upload File Upload feature in Bolt CMS 3.6.6 allows remote attackers to execute arbitrary code by uploading a JavaScript file to include executable extensions in the file/edit/config/config.yml configuration file. Una vulnerabilidad de Cross-Site Request Forgery (CSRF) en la funcionalidad de subida de archivos "bolt/upload" en Bolt CMS, en su versión 3.6.6, permite a los atacantes remotos ejecutar código arbitrario subiendo un archivo JavaScript para incluir extensiones ejecutables en el archivo de configuración en file/edit/config/config.yml. Bolt CMS version 3.6.6 suffers from cross site request forgery and code execution vulnerabilities. • https://www.exploit-db.com/exploits/46664 http://packetstormsecurity.com/files/152429/Bolt-CMS-3.6.6-Cross-Site-Request-Forgery-Code-Execution.html https://fgsec.net/from-csrf-to-rce-bolt-cms https://github.com/bolt/bolt/pull/7768/commits/91187aef36363a870d60b0a3c1bf8507af34c9e4 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2019-9185
https://notcve.org/view.php?id=CVE-2019-9185
Controller/Async/FilesystemManager.php in the filemanager in Bolt before 3.6.5 allows remote attackers to execute arbitrary PHP code by renaming a previously uploaded file to have a .php extension. Controller/Async/FilesystemManager.php en el gestor de archivos en Bolt, en versiones 3.6.5 y anteriores, permite a los atacantes remotos ejecutar código PHP arbitrario renombrando un archivo previamente subido para que tenga una extensión .php. • https://github.com/bolt/bolt/blob/v3.6.5/changelog.md https://github.com/bolt/bolt/pull/7745 https://github.com/bolt/bolt/releases/tag/v3.6.5 https://www.hacksecproject.com/?p=293 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2019-9553 – Bolt CMS 3.6.4 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-9553
Bolt 3.6.4 has XSS via the slug, teaser, or title parameter to editcontent/pages, a related issue to CVE-2017-11128 and CVE-2018-19933. Bolt versión 3.6.4, tiene una vulnerabilidad de tipo XSS por medio del parámetro slug, teaser o title en el archivo editcontent/pages, un problema relacionado con CVE-2017-11128 y CVE-2018-19933. Bold CMS version 3.6.4 suffers from a cross site scripting vulnerability. • https://www.exploit-db.com/exploits/46495 https://packetstormsecurity.com/files/151943/Bold-CMS-3.6.4-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-16754
https://notcve.org/view.php?id=CVE-2017-16754
Bolt before 3.3.6 does not properly restrict access to _profiler routes, related to EventListener/ProfilerListener.php and Provider/EventListenerServiceProvider.php. Bolt en versiones anteriores a la 3.3.6 no restringe correctamente el acceso a rutas _profiler. Esto está relacionado con EventListener/ProfilerListener.php y Provider/EventListenerServiceProvider.php. • http://www.securityfocus.com/bid/101777 https://github.com/bolt/bolt/commit/aa21787241945457a2e4abc8b079672935fe0840 https://github.com/bolt/bolt/releases/tag/v3.3.6 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2015-7309 – CMS Bolt - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2015-7309
The theme editor in Bolt before 2.2.5 does not check the file extension when renaming files, which allows remote authenticated users to execute arbitrary code by renaming a crafted file and then directly accessing it. Vulnerabilidad en el editor de temas en Bolt en versiones anteriores a 2.2.5, no comprueba la extensión de archivo al renombrar archivos, lo que permite a usuarios remotos autenticados ejecutar código arbitrario mediante el renombrado de un archivo manipulado y accediendo entonces a este directamente. • https://www.exploit-db.com/exploits/38196 http://blog.curesec.com/article/blog/Bolt-224-Code-Execution-44.html http://packetstormsecurity.com/files/133539/CMS-Bolt-2.2.4-File-Upload.html http://seclists.org/fulldisclosure/2015/Aug/66 http://www.rapid7.com/db/modules/exploit/multi/http/bolt_file_upload https://bolt.cm/newsitem/bolt-2-2-5-released • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •