← back
CVE-2015-7309

CVE-2015-7309

50Vexday Risk Score

Patch soon. It has a working public exploit.

ssvc Attendepss 39%
from disclosure to weapon0 days
Published on NVDSep 22
1st PoCSep 15
metasploitAug 17
exploitation probability
39%top 2% of all CVEs
observed exploitation
nono source reports it
3 public exploit(s)
The theme editor in Bolt before 2.2.5 does not check the file extension when renaming files, which allows remote authenticated users to execute arbitrary code by renaming a crafted file and then directly accessing it.
Affected products
n/a · n/a
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.