Lucene search
Veracode Vulnerability DatabaseVERACODE:13601HistoryApr 05, 2019 - 7:08 p.m.
Denial Of Service (DoS)
2019-04-0519:08:18
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6
0.056 Low
EPSS
Percentile
93.3%
Bolt is vulnerable to denial of service (DoS). The vulnerability exists because it does not perform enough validation for the bolt/upload File Upload feature, allowing malicious script file uploading to include executable extensions in the file/edit/config/config.yml configuration file.
References
packetstormsecurity.com/files/152429/Bolt-CMS-3.6.6-Cross-Site-Request-Forgery-Code-Execution.html
fgsec.net/from-csrf-to-rce-bolt-cms/
github.com/bolt/bolt/commit/91187aef36363a870d60b0a3c1bf8507af34c9e4
github.com/bolt/bolt/pull/7768/commits/91187aef36363a870d60b0a3c1bf8507af34c9e4
www.exploit-db.com/exploits/46664
www.exploit-db.com/exploits/46664/
Related
packetstorm
packetstorm
Bolt CMS 3.6.6 Cross Site Request Forgery / Code Execution
2019-04-08 00:00:00
nvd
nvd
CVE-2019-10874
2019-04-05 05:29:03
github
github
Bolt Cross Site Request Forgery (CSRF)
2022-05-13 01:12:16
cve
cve
CVE-2019-10874
2019-04-05 05:29:03
osv
osv
Bolt Cross Site Request Forgery (CSRF)
2022-05-13 01:12:16
CVE-2019-10874
2019-04-05 05:29:03
cvelist
cvelist
CVE-2019-10874
2019-04-05 04:42:32
prion
prion
Cross site request forgery (csrf)
2019-04-05 05:29:00
zdt
zdt
Bolt CMS 3.6.6 - Cross-Site Request Forgery / Remote Code Execution Exploit
2019-04-09 00:00:00