CVE-2015-7309

Опубликовано: 22 сент. 2015

Источник: nvd

CVSS2: 6.5

EPSS Средний

Описание

The theme editor in Bolt before 2.2.5 does not check the file extension when renaming files, which allows remote authenticated users to execute arbitrary code by renaming a crafted file and then directly accessing it.

Ссылки

http://blog.curesec.com/article/blog/Bolt-224-Code-Execution-44.html
Exploit
http://packetstormsecurity.com/files/133539/CMS-Bolt-2.2.4-File-Upload.html
Exploit
http://seclists.org/fulldisclosure/2015/Aug/66
Exploit
http://www.rapid7.com/db/modules/exploit/multi/http/bolt_file_upload
Exploit
https://bolt.cm/newsitem/bolt-2-2-5-released
Patch
Vendor Advisory
https://www.exploit-db.com/exploits/38196/
Exploit
http://blog.curesec.com/article/blog/Bolt-224-Code-Execution-44.html
Exploit
http://packetstormsecurity.com/files/133539/CMS-Bolt-2.2.4-File-Upload.html
Exploit
http://seclists.org/fulldisclosure/2015/Aug/66
Exploit
http://www.rapid7.com/db/modules/exploit/multi/http/bolt_file_upload
Exploit
https://bolt.cm/newsitem/bolt-2-2-5-released
Patch
Vendor Advisory
https://www.exploit-db.com/exploits/38196/
Exploit

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:boltcms:bolt:*:*:*:*:*:*:*:*

Версия до 2.2.0 (включая)

EPSS

Процентиль: 98%

0.60269

Средний

6.5 Medium

CVSS2

Дефекты

CWE-74

Связанные уязвимости

CVE-2015-7309

msrc

3 месяца назад

The theme editor in Bolt allows remote authenticated users to execute arbitrary code by renaming a crafted file

GHSA-gfg2-33mf-746p

github

больше 3 лет назад