CVE-2020-4040
Published 2020-06-08
Priority: P4 20 · Severity: medium · CVSS 3.1 base score: 4.3
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
EPSS: 1.77% (75.3rd percentile)
Bolt CMS before version 3.7.1 lacked CSRF protection in the preview generating endpoint. Previews are intended to be generated by the admins, developers, chief-editors, and editors, who are authorized to create content in the application. But due to lack of proper CSRF protection, unauthorized users could generate a preview. This has been fixed in Bolt 3.7.1
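The advisory text above describes the failure mode (an authenticated editor's browser can be made to submit the preview form from a page it did not load from the CMS) but not the fix. The following added example, which is not Bolt's code, models a preview endpoint in the vulnerable shape and in the fixed shape: the only difference is that the fixed handler requires a synchronizer token bound to the server-side session (and, as defense in depth, rejects requests a browser marks as cross-site via `Sec-Fetch-Site`). The endpoint path, the `bolt_session` cookie name, the `_token` field and the in-memory session store are assumptions made up for the example.

```python
"""Added example, not Bolt's code: a session cookie alone does not prove the
user intended a POST. The path, cookie name, form field names and session
store below are assumptions for illustration only."""
import hmac
import secrets
from dataclasses import dataclass, field

PREVIEW_PATH = "/bolt/preview"  # assumed path, not Bolt's real route


@dataclass
class Request:
    method: str
    path: str
    cookies: dict
    form: dict
    headers: dict = field(default_factory=dict)


# Constructed session store: session id -> user and a per-session CSRF token.
SESSIONS = {
    "sid-editor": {"user": "editor", "csrf_token": secrets.token_urlsafe(32)},
}


def _session(req):
    return SESSIONS.get(req.cookies.get("bolt_session"))


def render_preview(body):
    return f"<article>{body}</article>"


def preview_vulnerable(req):
    """Pre-fix shape: any POST carrying a valid session cookie is accepted.
    A form auto-submitted from attacker.example in the editor's browser
    carries that cookie too, so this check passes for a forged request."""
    sess = _session(req)
    if req.method != "POST" or sess is None:
        return 403, "login required"
    return 200, render_preview(req.form.get("body", ""))


def preview_fixed(req):
    """Post-fix shape: reject cross-site submissions the browser labels as
    such, then require the session-bound token, compared in constant time.
    Clients that omit Sec-Fetch-Site fall through to the token check alone."""
    sess = _session(req)
    if req.method != "POST" or sess is None:
        return 403, "login required"
    if req.headers.get("Sec-Fetch-Site", "same-origin") not in ("same-origin", "none"):
        return 403, "cross-site request rejected"
    if not hmac.compare_digest(req.form.get("_token", ""), sess["csrf_token"]):
        return 403, "invalid CSRF token"
    return 200, render_preview(req.form.get("body", ""))


def cross_site_post(path, form):
    """Simulates a form auto-submitted from attacker.example in the victim's
    browser: the cookie is attached automatically, but the attacker cannot
    read the session-bound token, so no _token field is present."""
    return Request("POST", path, {"bolt_session": "sid-editor"}, dict(form),
                   {"Origin": "https://attacker.example", "Sec-Fetch-Site": "cross-site"})


def same_site_post(path, form, token=None):
    """A submission from the CMS's own form, which embeds the session token."""
    token = SESSIONS["sid-editor"]["csrf_token"] if token is None else token
    return Request("POST", path, {"bolt_session": "sid-editor"}, {**form, "_token": token},
                   {"Sec-Fetch-Site": "same-origin"})


def demo():
    forged = cross_site_post(PREVIEW_PATH, {"body": "attacker-chosen content"})
    legit = same_site_post(PREVIEW_PATH, {"body": "editor content"})
    stale = same_site_post(PREVIEW_PATH, {"body": "x"}, token="guessed-token")
    return {
        "vulnerable_accepts_forged": preview_vulnerable(forged)[0],
        "fixed_rejects_forged": preview_fixed(forged)[0],
        "fixed_accepts_legit": preview_fixed(legit)[0],
        "fixed_rejects_bad_token": preview_fixed(stale)[0],
    }


if __name__ == "__main__":
    print(demo())
```

The token check is what the advisory's fix amounts to; the `Sec-Fetch-Site` check is an extra layer that only helps with browsers that send Fetch Metadata, which is why the handler still falls through to the token comparison rather than relying on the header alone.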
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| bolt | bolt | < 3.7.1 | 3.7.1 |
| bolt | bolt | >= 0 < 3.7.1 | 3.7.1 |
| boltcms | bolt | < 3.7.1 | 3.7.1 |
| msrc | cbl2_bolt_0.9.2-2_on_cbl_mariner_2.0 | — | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N |
| nvd | 2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| vendor_msrc | — | 8.6 | HIGH | — |
Microsoft
CSRF issue on preview pages in Bolt CMS
vendor_msrc · 2020-06-09 · CVSS 8.6 · CVE-2020-4040 [HIGH] · CWE-352
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.
Tags: Mariner, GitHub_M
Customer Action Required: Yes
Remediation: CBL-Mariner Releases
Reference: https://learn.microsoft
OSV
CSRF issue on preview pages in Bolt CMS
osv · 2020-06-09 · CVE-2020-4040 [HIGH]
### Impact
Bolt CMS lacked CSRF protection in the preview generating endpoint. Previews are intended to be generated by the admins, developers, chief-editors, and editors, who are authorized to create content in the application. But due to lack of proper CSRF protection, unauthorized users could generate a preview.
### Patches
This has been fixed in Bolt 3.7.1
### References
Related issue: https://github.com/bolt/bolt/pull/7853
GHSA
CSRF issue on preview pages in Bolt CMS
ghsa · 2020-06-09 · CVE-2020-4040 [HIGH] · CWE-352
### Impact
Bolt CMS lacked CSRF protection in the preview generating endpoint. Previews are intended to be generated by the admins, developers, chief-editors, and editors, who are authorized to create content in the application. But due to lack of proper CSRF protection, unauthorized users could generate a preview.
### Patches
This has been fixed in Bolt 3.7.1
### References
Related issue: https://github.com/bolt/bolt/pull/7853
Suricata (cross-referenced through exploit-db entry 4040, not through this CVE: the rules below reference CVE-2007-3119, a SQL injection in the Kartli Alisveris Sistemi news.asp page, and do not detect the Bolt CMS CSRF)
ET WEB_SPECIFIC_APPS Kartli Alisveris Sistemi SQL Injection Attempt -- news.asp news_id INSERT
suricata · 2010-07-30 · CVSS 7.5 · CVE-2007-3119 [HIGH]
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Kartli Alisveris Sistemi SQL Injection Attempt -- news.asp news_id INSERT"; flow:established,to_server; http.uri; content:"/news.asp?"; nocase; content:"news_id="; nocase; content:"INSERT"; nocase; content:"INTO"; nocase; distance:0; reference:cve,CVE-2007-3119; reference:url,www.exploit-db.com/exploits/4040/; classtype:web-application-attack; sid:2004643; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mitre_tactic_name Ini
Suricata
ET WEB_SPECIFIC_APPS Kartli Alisveris Sistemi SQL Injection Attempt -- news.asp news_id UPDATE
suricata · 2010-07-30 · CVSS 7.5 · CVE-2007-3119 [HIGH]
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Kartli Alisveris Sistemi SQL Injection Attempt -- news.asp news_id UPDATE"; flow:established,to_server; http.uri; content:"/news.asp?"; nocase; content:"news_id="; nocase; content:"UPDATE"; nocase; content:"SET"; nocase; distance:0; reference:cve,CVE-2007-3119; reference:url,www.exploit-db.com/exploits/4040/; classtype:web-application-attack; sid:2004646; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mitre_tactic_name Init
Suricata
ET WEB_SPECIFIC_APPS Kartli Alisveris Sistemi SQL Injection Attempt -- news.asp news_id UNION SELECT
suricata · 2010-07-30 · CVSS 7.5 · CVE-2007-3119 [HIGH]
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Kartli Alisveris Sistemi SQL Injection Attempt -- news.asp news_id UNION SELECT"; flow:established,to_server; http.uri; content:"/news.asp?"; nocase; content:"news_id="; nocase; content:"UNION"; nocase; content:"SELECT"; nocase; distance:0; reference:cve,CVE-2007-3119; reference:url,www.exploit-db.com/exploits/4040/; classtype:web-application-attack; sid:2004642; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mitre_ta
Suricata
ET WEB_SPECIFIC_APPS Kartli Alisveris Sistemi SQL Injection Attempt -- news.asp news_id SELECT
suricata · 2010-07-30 · CVSS 7.5 · CVE-2007-3119 [HIGH]
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Kartli Alisveris Sistemi SQL Injection Attempt -- news.asp news_id SELECT"; flow:established,to_server; http.uri; content:"/news.asp?"; nocase; content:"news_id="; nocase; content:"SELECT"; nocase; content:"FROM"; nocase; distance:0; reference:cve,CVE-2007-3119; reference:url,www.exploit-db.com/exploits/4040/; classtype:web-application-attack; sid:2004641; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mitre_tactic_name Ini
Suricata
ET WEB_SPECIFIC_APPS Kartli Alisveris Sistemi SQL Injection Attempt -- news.asp news_id ASCII
suricata · 2010-07-30 · CVSS 7.5 · CVE-2007-3119 [HIGH]
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Kartli Alisveris Sistemi SQL Injection Attempt -- news.asp news_id ASCII"; flow:established,to_server; http.uri; content:"/news.asp?"; nocase; content:"news_id="; nocase; content:"ASCII("; nocase; content:"SELECT"; nocase; distance:0; reference:cve,CVE-2007-3119; reference:url,www.exploit-db.com/exploits/4040/; classtype:web-application-attack; sid:2004645; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mitre_tactic_name Ini
Suricata
ET WEB_SPECIFIC_APPS Kartli Alisveris Sistemi SQL Injection Attempt -- news.asp news_id DELETE
suricata · 2010-07-30 · CVSS 7.5 · CVE-2007-3119 [HIGH]
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Kartli Alisveris Sistemi SQL Injection Attempt -- news.asp news_id DELETE"; flow:established,to_server; http.uri; content:"/news.asp?"; nocase; content:"news_id="; nocase; content:"DELETE"; nocase; content:"FROM"; nocase; distance:0; reference:cve,CVE-2007-3119; reference:url,www.exploit-db.com/exploits/4040/; classtype:web-application-attack; sid:2004644; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mitre_tactic_name Ini
No public exploits indexed for this CVE, although the references at the end of the page include a Packet Storm advisory covering XSS, CSRF and shell upload in Bolt CMS 3.7.0 and a Full Disclosure post from July 2020.
Bugzilla (cross-referenced through the Red Hat erratum RHSA-2020:4040, not through this CVE: the two bugs below are libexif issues unrelated to Bolt CMS)
CVE-2020-12767 libexif: divide-by-zero in exif_entry_get_value function in exif-entry.c
bugzilla · 2020-05-12 · CVSS 5.5 · CVE-2020-12767 [MEDIUM]
exif_entry_get_value in exif-entry.c in libexif 0.6.21 has a divide-by-zero error.
Reference:
https://github.com/libexif/libexif/issues/31
Upstream commit:
https://github.com/libexif/libexif/pull/32/commits/4431cd0d67c2b17bf764fa9c253f11051ae8355a
Discussion:
Created libexif tracking bugs for this issue:
Affects: fedora-all [bug 1834951]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2020:4040 https://access.redhat.com/errata/RHSA-2020:4040
---
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):
https://access.redhat.com/security/cve/cve-2020-12767
---
This issue has been addressed in the f
Bugzilla
CVE-2019-9278 libexif: out of bounds write in exif-data.c
bugzilla · 2020-01-08 · CVSS 8.8 · CVE-2019-9278 [HIGH]
In libexif, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege in the media content provider with no additional execution privileges needed. User interaction is needed for exploitation.
Upstream issue:
https://github.com/libexif/libexif/issues/26
Discussion:
Patch:
https://github.com/libexif/libexif/commit/75aa73267fdb1e0ebfbc00369e7312bac43d0566
---
This bug was never fixed in Fedora. Yaakov, do you want to handle this?
(Shouldn't there have been a Fedora tracking bug?)
---
This is fixed by the libexif 0.6.22 update.
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2020:4040 https://access.redhat.com/erra
References
- http://packetstormsecurity.com/files/158299/Bolt-CMS-3.7.0-XSS-CSRF-Shell-Upload.html
- http://seclists.org/fulldisclosure/2020/Jul/4
- https://github.com/bolt/bolt/commit/b42cbfcf3e3108c46a80581216ba03ef449e419f
- https://github.com/bolt/bolt/pull/7853
- https://github.com/bolt/bolt/security/advisories/GHSA-2q66-6cc3-6xm8
Published: 2020-06-08