Total
14 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-4040 | 1 Boltcms | 1 Bolt | 2022-10-06 | 4.3 MEDIUM | 4.3 MEDIUM |
Bolt CMS before version 3.7.1 lacked CSRF protection in the preview generating endpoint. Previews are intended to be generated by the admins, developers, chief-editors, and editors, who are authorized to create content in the application. But due to lack of proper CSRF protection, unauthorized users could generate a preview. This has been fixed in Bolt 3.7.1 | |||||
CVE-2020-4041 | 1 Boltcms | 1 Bolt | 2022-10-06 | 4.3 MEDIUM | 6.1 MEDIUM |
In Bolt CMS before version 3.7.1, the filename of uploaded files was vulnerable to stored XSS. It is not possible to inject javascript code in the file name when creating/uploading the file. But, once created/uploaded, it can be renamed to inject the payload in it. Additionally, the measures to prevent renaming the file to disallowed filename extensions could be circumvented. This is fixed in Bolt 3.7.1. | |||||
CVE-2022-31321 | 1 Boltcms | 1 Bolt | 2022-08-08 | N/A | 9.1 CRITICAL |
The foldername parameter in Bolt 5.1.7 was discovered to have incorrect input validation, allowing attackers to perform directory enumeration or cause a Denial of Service (DoS) via a crafted input. | |||||
CVE-2021-27367 | 1 Boltcms | 1 Bolt | 2021-02-23 | 5.0 MEDIUM | 7.5 HIGH |
Controller/Backend/FileEditController.php and Controller/Backend/FilemanagerController.php in Bolt before 4.1.13 allow Directory Traversal. | |||||
CVE-2019-15485 | 1 Boltcms | 1 Bolt | 2021-01-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Bolt before 3.6.10 has XSS via createFolder or createFile in Controller/Async/FilesystemManager.php. | |||||
CVE-2015-7309 | 1 Boltcms | 1 Bolt | 2021-01-04 | 6.5 MEDIUM | N/A |
The theme editor in Bolt before 2.2.5 does not check the file extension when renaming files, which allows remote authenticated users to execute arbitrary code by renaming a crafted file and then directly accessing it. | |||||
CVE-2019-9185 | 1 Boltcms | 1 Bolt | 2021-01-04 | 6.5 MEDIUM | 8.8 HIGH |
Controller/Async/FilesystemManager.php in the filemanager in Bolt before 3.6.5 allows remote attackers to execute arbitrary PHP code by renaming a previously uploaded file to have a .php extension. | |||||
CVE-2017-16754 | 1 Boltcms | 1 Bolt | 2021-01-04 | 5.0 MEDIUM | 5.3 MEDIUM |
Bolt before 3.3.6 does not properly restrict access to _profiler routes, related to EventListener/ProfilerListener.php and Provider/EventListenerServiceProvider.php. | |||||
CVE-2019-15483 | 1 Boltcms | 1 Bolt | 2021-01-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Bolt before 3.6.10 has XSS via a title that is mishandled in the system log. | |||||
CVE-2019-15484 | 1 Boltcms | 1 Bolt | 2021-01-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Bolt before 3.6.10 has XSS via an image's alt or title field. | |||||
CVE-2019-9553 | 1 Boltcms | 1 Bolt | 2021-01-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Bolt 3.6.4 has XSS via the slug, teaser, or title parameter to editcontent/pages, a related issue to CVE-2017-11128 and CVE-2018-19933. | |||||
CVE-2019-20058 | 1 Boltcms | 1 Bolt | 2021-01-04 | 4.3 MEDIUM | 6.1 MEDIUM |
** DISPUTED ** Bolt 3.7.0, if Symfony Web Profiler is used, allows XSS because unsanitized search?search= input is shown on the _profiler page. NOTE: this is disputed because profiling was never intended for use in production. This is related to CVE-2018-12040. | |||||
CVE-2019-10874 | 1 Boltcms | 1 Bolt | 2021-01-04 | 6.8 MEDIUM | 8.8 HIGH |
Cross Site Request Forgery (CSRF) in the bolt/upload File Upload feature in Bolt CMS 3.6.6 allows remote attackers to execute arbitrary code by uploading a JavaScript file to include executable extensions in the file/edit/config/config.yml configuration file. | |||||
CVE-2020-28925 | 1 Boltcms | 1 Bolt | 2021-01-04 | 5.0 MEDIUM | 5.3 MEDIUM |
Bolt before 3.7.2 does not restrict filter options in a Request in the Twig context, and is therefore inconsistent with the "How to Harden Your PHP for Better Security" guidance. |