7 results (0.007 seconds)

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

In Puppet Bolt versions prior to 3.27.4, a path to escalate privileges was identified. En las versiones de Puppet Bolt anteriores a la 3.27.4, se identificó una ruta para escalar privilegios. • https://www.puppet.com/security/cve/cve-2023-5214-privilege-escalation-puppet-bolt • CWE-269: Improper Privilege Management •

CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0

The foldername parameter in Bolt 5.1.7 was discovered to have incorrect input validation, allowing attackers to perform directory enumeration or cause a Denial of Service (DoS) via a crafted input. Se ha detectado que el parámetro foldername en Bolt versión 5.1.7, presenta una comprobación de entrada incorrecta, permitiendo a atacantes llevar a cabo una enumeración de directorios o causar una Denegación de Servicio (DoS) por medio de una entrada diseñada • http://bolt.com https://github.com/Accenture/AARO-Bugs/blob/master/AARO-CVE-List.md • CWE-20: Improper Input Validation •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

Controller/Backend/FileEditController.php and Controller/Backend/FilemanagerController.php in Bolt before 4.1.13 allow Directory Traversal. Los archivos Controller/Backend/FileEditController.php y Controller/Backend/FilemanagerController.php en Bolt versiones anteriores a 4.1.13, permiten un Salto de Directorio • https://github.com/bolt/core/pull/2371 https://github.com/bolt/core/releases/tag/4.1.13 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

Bolt before 3.7.2 does not restrict filter options in a Request in the Twig context, and is therefore inconsistent with the "How to Harden Your PHP for Better Security" guidance. Bolt versiones anteriores a 3.7.2, no restringe las opciones de filtro en una petición en el contexto de Twig y, por lo tanto, es inconsistente con la guía "How to Harden Your PHP for Better Security". • https://github.com/bolt/bolt/commit/c0cd530e78c2a8c6d71ceb75b10c251b39fb923a https://github.com/bolt/bolt/compare/3.7.1...3.7.2 •

CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 2

In Bolt CMS before version 3.7.1, the filename of uploaded files was vulnerable to stored XSS. It is not possible to inject javascript code in the file name when creating/uploading the file. But, once created/uploaded, it can be renamed to inject the payload in it. Additionally, the measures to prevent renaming the file to disallowed filename extensions could be circumvented. This is fixed in Bolt 3.7.1. • http://packetstormsecurity.com/files/158299/Bolt-CMS-3.7.0-XSS-CSRF-Shell-Upload.html http://seclists.org/fulldisclosure/2020/Jul/4 https://github.com/bolt/bolt/commit/b42cbfcf3e3108c46a80581216ba03ef449e419f https://github.com/bolt/bolt/pull/7853 https://github.com/bolt/bolt/security/advisories/GHSA-68q3-7wjp-7q3j • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •