5 matches found
CVE-2020-4040
Bolt CMS before version 3.7.1 lacked CSRF protection in the preview generating endpoint. Previews are intended to be generated by the admins, developers, chief-editors, and editors, who are authorized to create content in the application. But due to lack of proper CSRF protection, unauthorized...
CVE-2020-4040 affecting package bolt 0.9.2-2
CVE-2020-4040 affecting package bolt 0.9.2-2. This CVE either no longer is or was never applicable...
Advisory ROSA-SA-2021-1809
Software: bolt 0.7 OS: Cobalt 7.9 CVE-ID: CVE-2015-7309 CVE-Crit: HIGH CVE-DESC: The theme editor in Bolt before 2.2.5 does not check the file extension when renaming files, allowing remote authenticated users to execute arbitrary code by renaming a created file and then directly accessing it...
CVE-2020-4040 CSRF issue on preview pages in Bolt CMS
Bolt CMS before version 3.7.1 lacked CSRF protection in the preview generating endpoint. Previews are intended to be generated by the admins, developers, chief-editors, and editors, who are authorized to create content in the application. But due to lack of proper CSRF protection, unauthorized...
CVE-2020-4040
Bolt CMS before version 3.7.1 lacked CSRF protection in the preview generating endpoint. Unauthorized users could generate previews intended for admins, editors, or similar roles. This was fixed in Bolt 3.7.1; affected versions are prior to that release.