CVE-2015-7309
50Vexday Risk Score
Patch soon. It has a working public exploit.
ssvc Attendepss 39%
from disclosure to weapon0 days
Published on NVDSep 22
1st PoCSep 15
metasploitAug 17
exploitation probability
39%top 2% of all CVEs
observed exploitation
nono source reports it
3 public exploit(s)
The theme editor in Bolt before 2.2.5 does not check the file extension when renaming files, which allows remote authenticated users to execute arbitrary code by renaming a crafted file and then directly accessing it.
Affected products
n/a · n/apublic PoCs found — 3
cve_referencepacketstormsecurity.com/files/133539/CMS-Bolt-2.2.4-File-Upload.htmlunverifiedcve_referencewww.exploit-db.com/exploits/38196/unverifiedexploitdbwww.exploit-db.com/exploits/38196unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://blog.curesec.com/article/blog/Bolt-224-Code-Execution-44.htmlhttp://packetstormsecurity.com/files/133539/CMS-Bolt-2.2.4-File-Upload.htmlhttps://bolt.cm/newsitem/bolt-2-2-5-releasedhttp://seclists.org/fulldisclosure/2015/Aug/66https://www.exploit-db.com/exploits/38196/http://www.rapid7.com/db/modules/exploit/multi/http/bolt_file_upload