CVE-2019-10874
published 2019-04-05CVE-2019-10874: Cross Site Request Forgery (CSRF) in the bolt/upload File Upload feature in Bolt CMS 3.6.6 allows remote attackers to execute arbitrary code by uploading a…
PriorityP357high8.8CVSS 3.0
AVNACLPRNUIRSUCHIHAH
EXPLOIT
EPSS
4.52%
90.3th percentile
Cross Site Request Forgery (CSRF) in the bolt/upload File Upload feature in Bolt CMS 3.6.6 allows remote attackers to execute arbitrary code by uploading a JavaScript file to include executable extensions in the file/edit/config/config.yml configuration file.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| bolt | bolt | >= 3.6.6 < 3.6.7 | 3.6.7 |
| boltcms | bolt | — | — |
| redhat | ansible | >= 0 < 2.0.0.2-2ubuntu1.3 | 2.0.0.2-2ubuntu1.3 |
| redhat | ansible | >= 0 < 2.5.1+dfsg-1ubuntu0.1 | 2.5.1+dfsg-1ubuntu0.1 |
CVSS provenance
nvdv3.08.8HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
osv9.8CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
Bolt Cross Site Request Forgery (CSRF)
ghsa·2022-05-13
CVE-2019-10874 [HIGH] CWE-352 Bolt Cross Site Request Forgery (CSRF)
Bolt Cross Site Request Forgery (CSRF)
Cross Site Request Forgery (CSRF) in the `bolt/upload` File Upload feature in Bolt CMS 3.6.6 allows remote attackers to execute arbitrary code by uploading a JavaScript file to include executable extensions in the `file/edit/config/config.yml` configuration file.
OSV
Bolt Cross Site Request Forgery (CSRF)
osv·2022-05-13
CVE-2019-10874 [HIGH] Bolt Cross Site Request Forgery (CSRF)
Bolt Cross Site Request Forgery (CSRF)
Cross Site Request Forgery (CSRF) in the `bolt/upload` File Upload feature in Bolt CMS 3.6.6 allows remote attackers to execute arbitrary code by uploading a JavaScript file to include executable extensions in the `file/edit/config/config.yml` configuration file.
OSV
ansible vulnerabilities
osv·2019-07-24·CVSS 9.8
CVE-2017-7481 ansible vulnerabilities
ansible vulnerabilities
It was discovered that Ansible failed to properly handle sensitive information.
A local attacker could use those vulnerabilities to extract them.
(CVE-2017-7481)
(CVE-2018-10855)
(CVE-2018-16837)
(CVE-2018-16876)
(CVE-2019-10156)
It was discovered that Ansible could load configuration files from the current
working directory containing crafted commands. An attacker could run arbitrary
code as result.
(CVE-2018-10874)
(CVE-2018-10875)
It was discovered that Ansible fetch module had a path traversal vulnerability.
A local attacker could copy and overwrite files outside of the specified
destination.
(CVE-2019-3828)
No detection rules found.
No writeups or analysis indexed.
http://packetstormsecurity.com/files/152429/Bolt-CMS-3.6.6-Cross-Site-Request-Forgery-Code-Execution.htmlhttps://fgsec.net/from-csrf-to-rce-bolt-cms/https://github.com/bolt/bolt/pull/7768/commits/91187aef36363a870d60b0a3c1bf8507af34c9e4https://www.exploit-db.com/exploits/46664/http://packetstormsecurity.com/files/152429/Bolt-CMS-3.6.6-Cross-Site-Request-Forgery-Code-Execution.htmlhttps://fgsec.net/from-csrf-to-rce-bolt-cms/https://github.com/bolt/bolt/pull/7768/commits/91187aef36363a870d60b0a3c1bf8507af34c9e4https://www.exploit-db.com/exploits/46664/
2019-04-05
Published