4 matches found
CVE-2019-9185 affecting package bolt 0.9.2-2
CVE-2019-9185 affecting package bolt 0.9.2-2. This CVE either no longer is or was never applicable...
Advisory ROSA-SA-2021-1809
Software: bolt 0.7 OS: Cobalt 7.9 CVE-ID: CVE-2015-7309 CVE-Crit: HIGH CVE-DESC: The theme editor in Bolt before 2.2.5 does not check the file extension when renaming files, allowing remote authenticated users to execute arbitrary code by renaming a created file and then directly accessing it...
CVE-2019-9185
Controller/Async/FilesystemManager.php in the filemanager in Bolt before 3.6.5 allows remote attackers to execute arbitrary PHP code by renaming a previously uploaded file to have a .php extension...
CVE-2019-9185
Bolt CMS prior to 3.6.5 is affected by a vulnerability in the filemanager’s Controller/Async/FilesystemManager.php that allows remote code execution by renaming a previously uploaded file to have a .php extension. Public references indicate the fix was released in Bolt 3.6.5 (see Bolt v3.6.5 rele...