Veracode Vulnerability Database, VERACODE:4785
History: Jul 29, 2017 - 1:50 a.m.

Arbitrary Code Execution

2017-07-29 01:50:51
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6

EPSS: 0.449 Medium
Percentile: 97.4%

Bolt is vulnerable to arbitrary code execution. The library does not properly check the file type during file uploads, and the theme editor allows file extensions to be renamed. A malicious user can therefore inject and execute arbitrary PHP code by uploading a PHP file saved with a different file extension, renaming it with the theme editor, and then accessing it.

CPE Name Operator Version
bolt/bolt le 2.2.4
