7 matches found
EUVD-2021-1214
Malware in sbrugna...
CVE-2020-28925
Bolt before 3.7.2 does not restrict filter options in a Request in the Twig context, and is therefore inconsistent with the "How to Harden Your PHP for Better Security" guidance...
Advisory ROSA-SA-2021-1809
Software: bolt 0.7
OS: Cobalt 7.9
CVE-ID: CVE-2015-7309
CVE-Crit: HIGH
CVE-DESC: The theme editor in Bolt before 2.2.5 does not check the file extension when renaming files, allowing remote authenticated users to execute arbitrary code by renaming a created file and then directly accessing it...
Authorization Bypass
bolt/bolt is vulnerable to authorization bypass. The filter options in a Request in the Twig context are not restricted, which allows an attacker to bypass access controls...
CVE-2020-28925
Bolt before 3.7.2 does not restrict filter options in a Request in the Twig context, and is therefore inconsistent with the "How to Harden Your PHP for Better Security" guidance...
Design/Logic Flaw
Bolt before 3.7.2 does not restrict filter options in a Request in the Twig context, and is therefore inconsistent with the "How to Harden Your PHP for Better Security" guidance...
Bolt CMS Security Vulnerability
Bolt CMS is an open source PHP-based content management system for the Bolt community. A security vulnerability exists in Bolt versions prior to 3.7.2, which stems from filter options in a Request in the Twig context not being restricted, and is therefore inconsistent with the "How to Enhance PHP for...