CVE-2020-4040

HIGH

Bolt < 3.7.1 - CSRF

Title source: rule

Description

Bolt CMS before version 3.7.1 lacked CSRF protection in the preview generating endpoint. Previews are intended to be generated by the admins, developers, chief-editors, and editors, who are authorized to create content in the application. But due to lack of proper CSRF protection, unauthorized users could generate a preview. This has been fixed in Bolt 3.7.1

Exploits (1)

nomisec NO CODE

by jpvispo · poc

https://github.com/jpvispo/RCE-Exploit-Bolt-3.7.0-CVE-2020-4040-4041

View Code ZIP pw:eip

References (5)

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/158299/Bolt-CMS-3.7.0-XSS-CSRF-Shell-Upload.html

[Exploit, Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2020/Jul/4

[Patch, Third Party Advisory] https://github.com/bolt/bolt/commit/b42cbfcf3e3108c46a80581216ba03ef449e419f

[Patch, Third Party Advisory] https://github.com/bolt/bolt/pull/7853

[Patch, Third Party Advisory] https://github.com/bolt/bolt/security/advisories/GHSA-2q66-6cc3-6xm8

Scores

CVSS v3 8.6

EPSS 0.0067

EPSS Percentile 71.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Details

CWE

CWE-352

Status published

Products (2)

bolt/bolt 0 - 3.7.1Packagist

boltcms/bolt < 3.7.1

Published Jun 08, 2020

Tracked Since Feb 18, 2026