NVD

Id
27960  
Name
CVE-2015-7309  
Description
The theme editor in Bolt before 2.2.5 does not check the file extension when renaming files, which allows remote authenticated users to execute arbitrary code by renaming a crafted file and then directly accessing it.  
Reject
 
CVSS Version
2  
CVSS Score
6.5  
Severity
Medium  
CVSS Base Score
6.5  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
8  
CVSS Vector
(AV:N/AC:L/Au:S/C:P/I:P/A:P)  
Pub Date
2017-01-19  
Published
2015-09-22  
Modified Date
2015-09-23  
Seq
2015-7309  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
147038 27960 CVE-2015-7309 http://blog.curesec.com/article/blog/Bolt-224-Code-Execution-44.html  View
147039 27960 CVE-2015-7309 http://packetstormsecurity.com/files/133539/CMS-Bolt-2.2.4-File-Upload.html  View
147040 27960 CVE-2015-7309 20150818 Bolt 2.2.4 - Code Execution  View
147041 27960 CVE-2015-7309 http://www.rapid7.com/db/modules/exploit/multi/http/bolt_file_upload  View
147042 27960 CVE-2015-7309 https://bolt.cm/newsitem/bolt-2-2-5-released  View
147043 27960 CVE-2015-7309 38196  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
9562 JVNDB-2015-004882 Bolt のテーマエディタにおける任意のコードを実行される脆弱性 Bolt のテーマエディタは、ファイルをリネームする際、ファイル拡張子を確認しないため、任意のコードを実行される脆弱性が存在します。 CVE-2015-7309 84534 CVE-2015-7309 27960 6.5 http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-004882.html 2015-07-24 2015-09-28 View