| Reporter | Title | Published | Views | Family All 11 |
|---|---|---|---|---|
| CVE-2015-7309 affecting package bolt 0.9.2-2 | 12 Jan 202509:15 | – | cbl_mariner | |
| CVE-2015-7309 | 15 Sep 201500:00 | – | circl | |
| Bolt Arbitrary Code Execution Vulnerability | 27 Sep 201500:00 | – | cnvd | |
| CVE-2015-7309 | 22 Sep 201515:00 | – | cvelist | |
| The theme editor in Bolt allows remote authenticated users to execute arbitrary code by renaming a crafted file | 1 Oct 202523:10 | – | mscve | |
| CMS Bolt File Upload Vulnerability | 9 Sep 201516:41 | – | metasploit | |
| CVE-2015-7309 | 22 Sep 201515:59 | – | nvd | |
| Code injection | 22 Sep 201515:59 | – | prion | |
| CVE-2015-7309 | 22 May 202503:14 | – | redhatcve | |
| Advisory ROSA-SA-2021-1809 | 2 Jul 202116:34 | – | rosalinux |
| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| fname | path | /bolt/files/theme/{fname} | Upload payload via theme folder to trigger vulnerability | CWE-74 |
| form[_token] | path | /bolt/files/theme/{fname} | Upload payload via theme folder to trigger vulnerability | CWE-74 |
| form[FileUpload][] | path | /bolt/files/theme/{fname} | Upload payload via theme folder to trigger vulnerability | CWE-74 |
| namespace | request body | /async/renamefile | Rename crafted file to change extension to .php (trigger code execution) | CWE-74 |
| parent | request body | /async/renamefile | Rename crafted file to change extension to .php (trigger code execution) | CWE-74 |
| oldname | request body | /async/renamefile | Rename crafted file to change extension to .php (trigger code execution) | CWE-74 |
| newname | request body | /async/renamefile | Rename crafted file to change extension to .php (trigger code execution) | CWE-74 |
| fname | path | /theme/{fname}/{php}.php | Access the renamed PHP payload to execute code | CWE-74 |
| php | path | /theme/{fname}/{php}.php | Access the renamed PHP payload to execute code | CWE-74 |
| fname | path | /bolt/files/theme/{fname} | Token retrieval used for upload form submission | CWE-74 |
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation