CVE-2015-7309

Exploitation Summary

EIP tracks 2 public exploits for CVE-2015-7309. PoCs published by Metasploit, Tim Coen, including Metasploit module exploits/multi/http/bolt_file_upload.

AI-analyzed exploit summary This Metasploit module exploits an authenticated file upload vulnerability in Bolt CMS 2.2.4, allowing arbitrary PHP code execution by uploading a malicious file disguised as an image and renaming it to a .php extension.

Description

The theme editor in Bolt before 2.2.5 does not check the file extension when renaming files, which allows remote authenticated users to execute arbitrary code by renaming a crafted file and then directly accessing it.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotephp

https://www.exploit-db.com/exploits/38196

View Code ZIP pw:eip

This Metasploit module exploits an authenticated file upload vulnerability in Bolt CMS 2.2.4, allowing arbitrary PHP code execution by uploading a malicious file disguised as an image and renaming it to a .php extension.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Bolt CMS 2.2.4

Auth required

Prerequisites: Valid credentials for Bolt CMS · Access to the file upload functionality

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC EXCELLENT

by Tim Coen · rubypocphp

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/bolt_file_upload.rb