Filtered by vendor Boltcms
Subscribe
Search
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-27367 | 1 Boltcms | 1 Bolt | 2021-02-23 | 5.0 MEDIUM | 7.5 HIGH |
| Controller/Backend/FileEditController.php and Controller/Backend/FilemanagerController.php in Bolt before 4.1.13 allow Directory Traversal. | |||||
| CVE-2019-9185 | 1 Boltcms | 1 Bolt | 2021-01-04 | 6.5 MEDIUM | 8.8 HIGH |
| Controller/Async/FilesystemManager.php in the filemanager in Bolt before 3.6.5 allows remote attackers to execute arbitrary PHP code by renaming a previously uploaded file to have a .php extension. | |||||
| CVE-2019-10874 | 1 Boltcms | 1 Bolt | 2021-01-04 | 6.8 MEDIUM | 8.8 HIGH |
| Cross Site Request Forgery (CSRF) in the bolt/upload File Upload feature in Bolt CMS 3.6.6 allows remote attackers to execute arbitrary code by uploading a JavaScript file to include executable extensions in the file/edit/config/config.yml configuration file. | |||||