PT-2021-17414 · Bolt · Bolt

Romain Richard

Published

2021-02-17

Updated

2021-02-23

CVE-2021-27367

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Bolt versions prior to 4.1.13

Description The issue allows Directory Traversal. This is related to the files Controller/Backend/FileEditController.php and Controller/Backend/FilemanagerController.php.

Recommendations For versions prior to 4.1.13, update to version 4.1.13 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable files Controller/Backend/FileEditController.php and Controller/Backend/FilemanagerController.php until a patch is applied.

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2021-27367

GHSA-Q88G-QX42-XFRH

Affected Products

Bolt

PT-2021-17414 · Bolt · Bolt

CVE-2021-27367

Weakness Enumeration

Related Identifiers

Affected Products

References · 7