Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2025/02/05 1:52 p.m.11 views

CVE-2020-4040

Bolt CMS before version 3.7.1 lacked CSRF protection in the preview generating endpoint. Previews are intended to be generated by the admins, developers, chief-editors, and editors, who are authorized to create content in the application. But due to lack of proper CSRF protection, unauthorized...

8.6CVSS6.6AI score0.01766EPSS
Exploits3
CBLMariner
CBLMariner
added 2025/01/12 9:15 a.m.55 views

CVE-2020-4040 affecting package bolt 0.9.2-2

CVE-2020-4040 affecting package bolt 0.9.2-2. This CVE either no longer is or was never applicable...

8.6CVSS7.5AI score0.01766EPSS
Exploits3
Rosalinux
Rosalinux
added 2021/07/02 4:34 p.m.88 views

Advisory ROSA-SA-2021-1809

Software: bolt 0.7 OS: Cobalt 7.9 CVE-ID: CVE-2015-7309 CVE-Crit: HIGH CVE-DESC: The theme editor in Bolt before 2.2.5 does not check the file extension when renaming files, allowing remote authenticated users to execute arbitrary code by renaming a created file and then directly accessing it...

8.8CVSS6.8AI score0.38611EPSS
Exploits12
Cvelist
Cvelist
added 2020/06/08 10:0 p.m.34 views

CVE-2020-4040 CSRF issue on preview pages in Bolt CMS

Bolt CMS before version 3.7.1 lacked CSRF protection in the preview generating endpoint. Previews are intended to be generated by the admins, developers, chief-editors, and editors, who are authorized to create content in the application. But due to lack of proper CSRF protection, unauthorized...

8.6CVSS8.5AI score0.01766EPSS
Exploits3References5
CVE
CVE
added 2020/06/08 10:0 p.m.188 views

CVE-2020-4040

Bolt CMS before version 3.7.1 lacked CSRF protection in the preview generating endpoint. Unauthorized users could generate previews intended for admins, editors, or similar roles. This was fixed in Bolt 3.7.1; affected versions are prior to that release.

8.6CVSS4.8AI score0.01766EPSS
Exploits3References5Affected Software1
Rows per page
Query Builder