CVSS: 9.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

The foldername parameter in Bolt 5.1.7 was discovered to have incorrect input validation, allowing attackers to perform directory enumeration or cause a Denial of Service (DoS) via a crafted input. • http://bolt.com https://github.com/Accenture/AARO-Bugs/blob/master/AARO-CVE-List.md • CWE-20: Improper Input Validation

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

Controller/Backend/FileEditController.php and Controller/Backend/FilemanagerController.php in Bolt before 4.1.13 allow Directory Traversal. • https://github.com/bolt/core/pull/2371 https://github.com/bolt/core/releases/tag/4.1.13 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

Bolt before 3.7.2 does not restrict filter options in a Request in the Twig context, and is therefore inconsistent with the "How to Harden Your PHP for Better Security" guidance. • https://github.com/bolt/bolt/commit/c0cd530e78c2a8c6d71ceb75b10c251b39fb923a https://github.com/bolt/bolt/compare/3.7.1...3.7.2

CVSS: 7.4 • EPSS: 0% • CPEs: 1 • EXPL: 2

In Bolt CMS before version 3.7.1, the filename of uploaded files was vulnerable to stored XSS. It is not possible to inject JavaScript code in the file name when creating/uploading the file, but once created/uploaded, the file can be renamed to inject the payload in it. Additionally, the measures to prevent renaming the file to disallowed filename extensions could be circumvented. This is fixed in Bolt 3.7.1. • http://packetstormsecurity.com/files/158299/Bolt-CMS-3.7.0-XSS-CSRF-Shell-Upload.html http://seclists.org/fulldisclosure/2020/Jul/4 https://github.com/bolt/bolt/commit/b42cbfcf3e3108c46a80581216ba03ef449e419f https://github.com/bolt/bolt/pull/7853 https://github.com/bolt/bolt/security/advisories/GHSA-68q3-7wjp-7q3j • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.6 • EPSS: 0% • CPEs: 1 • EXPL: 3

Bolt CMS before version 3.7.1 lacked CSRF protection in the preview generating endpoint. Previews are intended to be generated by the admins, developers, chief-editors, and editors, who are authorized to create content in the application. But due to lack of proper CSRF protection, unauthorized users could generate a preview. This has been fixed in Bolt 3.7.1. • https://github.com/jpvispo/RCE-Exploit-Bolt-3.7.0-CVE-2020-4040-4041 http://packetstormsecurity.com/files/158299/Bolt-CMS-3.7.0-XSS-CSRF-Shell-Upload.html http://seclists.org/fulldisclosure/2020/Jul/4 https://github.com/bolt/bolt/commit/b42cbfcf3e3108c46a80581216ba03ef449e419f https://github.com/bolt/bolt/pull/7853 https://github.com/bolt/bolt/security/advisories/GHSA-2q66-6cc3-6xm8 • CWE-352: Cross-Site Request Forgery (CSRF)