6 matches found
CVE-2015-7309
The theme editor in Bolt before 2.2.5 does not check the file extension when renaming files, which allows remote authenticated users to execute arbitrary code by renaming a crafted file and then directly accessing it...
CVE-2015-7309 affecting package bolt 0.9.2-2
CVE-2015-7309 affecting package bolt 0.9.2-2. This CVE either no longer is or was never applicable...
Advisory ROSA-SA-2021-1809
Software: bolt 0.7 OS: Cobalt 7.9 CVE-ID: CVE-2015-7309 CVE-Crit: HIGH CVE-DESC: The theme editor in Bolt before 2.2.5 does not check the file extension when renaming files, allowing remote authenticated users to execute arbitrary code by renaming a created file and then directly accessing it...
CVE-2015-7309
CVE-2015-7309 impacts Bolt CMS: the theme editor (pre-2.2.5) does not validate file extensions when renaming files, enabling remote authenticated users to execute arbitrary PHP code by renaming a crafted file and then directly accessing it. The vulnerability stems from the lack of extension check...
CVE-2015-7309
The theme editor in Bolt before 2.2.5 does not check the file extension when renaming files, which allows remote authenticated users to execute arbitrary code by renaming a crafted file and then directly accessing it...
CVE-2015-7309
creationtimestamp| type| source ---|---|--- 2015-09-15 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/38196 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/boltfileupload.rb 2025-02-06 03:13:42+00:00| seen|...