GMS-2015-20: Remote Code Execution

August 17, 2015

Bolt CMS does not allow PHP files to be uploaded or edited in its admin area, so an attacker who has obtained admin credentials should still be unable to execute code on the server. However, the upload handler does not check the actual file type, and the theme editor allows uploaded files to be renamed without checking the new extension or file type. An attacker can therefore upload PHP code under a permitted extension, rename it to a .php file in the theme editor, and execute it. Note that admin credentials are required.
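
The gap described above (upload filtered, rename unfiltered) and the corresponding fix, as an added example in Python that is not Bolt's code and not the change in the referenced pull request. `check_rename`, `safe_rename`, the extension allowlist, the executable-segment list, the signature table and the scenario files are all constructed for this illustration. The rule it demonstrates is general: every operation that picks a filename (upload, rename, copy, archive extraction) must pass the same policy, or the weakest one becomes the bypass.

```python
# Added example, not Bolt's code: apply the upload policy to renames as well.
# Allowlist, signature table and scenario files are constructed for this demo.
import os
import re
import tempfile

# Target extensions an admin may assign to a theme asset (assumption).
ALLOWED_EXT = {"css", "js", "twig", "html", "txt", "md",
               "png", "jpg", "jpeg", "gif", "woff", "woff2"}

# Segments the web server may execute or honour as config.  Apache mod_mime
# evaluates every dotted segment, so "a.php.txt" is checked as a whole.
EXECUTABLE_SEGMENTS = {"php", "php3", "php4", "php5", "php7", "php8", "phtml",
                       "phar", "phps", "pht", "htaccess", "htpasswd", "cgi", "sh"}

# Leading bytes for the image types in the allowlist.
MAGIC = {"png": (b"\x89PNG\r\n\x1a\n",), "jpg": (b"\xff\xd8\xff",),
         "jpeg": (b"\xff\xd8\xff",), "gif": (b"GIF87a", b"GIF89a")}

# One plain filename component: no slashes, no leading dot, bounded length.
_SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,127}$")


def vulnerable_rename(base_dir, old_name, new_name):
    """The behaviour described in the advisory: no check on the new name."""
    os.rename(os.path.join(base_dir, old_name), os.path.join(base_dir, new_name))


def check_rename(new_name):
    """Return None if new_name is acceptable, otherwise a refusal reason."""
    if not _SAFE_NAME.match(new_name):
        return "bad characters, path separator, or leading dot"
    segments = new_name.lower().split(".")
    if len(segments) < 2:
        return "no extension"
    if any(seg in EXECUTABLE_SEGMENTS for seg in segments[1:]):
        return "executable or server-config extension"
    if segments[-1] not in ALLOWED_EXT:
        return "extension not in allowlist"
    return None


def content_matches(path, ext):
    """For image extensions, the bytes on disk must carry the matching signature."""
    sigs = MAGIC.get(ext)
    if sigs is None:
        return True  # text formats have no reliable signature; the allowlist carries them
    with open(path, "rb") as fh:
        head = fh.read(8)
    return any(head.startswith(sig) for sig in sigs)


def safe_rename(base_dir, old_name, new_name):
    """Rename within base_dir, enforcing the same policy the upload handler does."""
    reason = check_rename(new_name)
    if reason:
        raise ValueError(f"rename refused: {reason}")
    root = os.path.realpath(base_dir)
    src = os.path.realpath(os.path.join(root, old_name))
    dst = os.path.realpath(os.path.join(root, new_name))
    # Both ends must stay below the theme directory (blocks '..' and symlinks out).
    if any(os.path.commonpath([root, p]) != root for p in (src, dst)):
        raise ValueError("rename refused: path escapes theme directory")
    if not os.path.isfile(src):
        raise FileNotFoundError(old_name)
    if not content_matches(src, new_name.rsplit(".", 1)[1].lower()):
        raise ValueError("rename refused: content does not match claimed type")
    os.rename(src, dst)
    return dst


def run_scenario():
    """Constructed scenario: PHP source uploaded under a .png name, then renamed."""
    outcome = {}
    with tempfile.TemporaryDirectory() as theme:
        with open(os.path.join(theme, "shell.png"), "wb") as fh:
            fh.write(b"<?php echo 'constructed payload'; ?>")  # PHP text, image name
        vulnerable_rename(theme, "shell.png", "shell.php")
        outcome["vulnerable"] = os.path.isfile(os.path.join(theme, "shell.php"))
        os.rename(os.path.join(theme, "shell.php"), os.path.join(theme, "shell.png"))
        for new_name in ("shell.php", "shell.php.txt", "../shell.css", "logo.png"):
            try:
                safe_rename(theme, "shell.png", new_name)
                outcome[new_name] = "allowed"
            except ValueError as err:
                outcome[new_name] = str(err)
        with open(os.path.join(theme, "real.png"), "wb") as fh:
            fh.write(b"\x89PNG\r\n\x1a\n" + bytes(16))  # genuine PNG signature
        outcome["real.png"] = os.path.basename(safe_rename(theme, "real.png", "logo.png"))
    return outcome


if __name__ == "__main__":
    for name, result in run_scenario().items():
        print(f"{name:16} {result}")
```

The scenario shows the four rejections a practitioner wants on the rename path: a direct `.php` target, a multi-extension name such as `shell.php.txt`, a traversal in the target name, and a permitted extension whose content does not match (PHP text under `logo.png`). The name check alone is not a complete control; serving the upload directory with PHP execution disabled remains the complementary server-side measure.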

References

  • blog.curesec.com/article/blog/Bolt-224-Code-Execution-44.html
  • github.com/bolt/bolt/pull/3815


Affected versions

All versions before 2.2.5

Fixed versions

  • 2.2.5

Solution

Upgrade to version 2.2.5 or above.

Source file

packagist/bolt/bolt/GMS-2015-20.yml


Page generated Sat, 09 May 2026 12:19:37 +0000.