
CVE-2020-4040: CSRF issue on preview pages in Bolt CMS

CVSS Score
8.6 (CVSS v3.1)

Basic Information

EPSS Score
0.5937%
Published
6/9/2020
Updated
1/28/2023
KEV Status
No
Technology
PHP

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Package Name
bolt/bolt
Ecosystem
composer
Vulnerable Versions
< 3.7.1
First Patched Version
3.7.1

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The vulnerability stems from the preview endpoint's lack of CSRF protection. The commit diff shows the critical addition of CSRF token validation logic in Frontend.php's preview() method. Other changes in Config.php and FilesystemManager.php relate to file extension restrictions and test fixes, which are unrelated to the CSRF vulnerability. The Frontend::preview() function was clearly the vulnerable entry point because it handled POST requests for preview generation without initial CSRF checks, as evidenced by the patch adding token validation directly to this method.
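To make the root cause concrete, the following is an added example written for this page, not Bolt's own code and not a reproduction of the patched Frontend::preview() method. It shows the two shapes of a preview handler side by side: one that renders whatever POST body arrives on the strength of the session cookie alone, and one that first validates a synchronizer token bound to the session, which is the class of check the fix introduced. All names (csrf_token, verify_csrf_token, preview_vulnerable, preview_hardened, the session key and form field) are hypothetical, and a plain array stands in for $_SESSION so the script runs from the command line.

```php
<?php
// Added example, not Bolt CMS code. Synchronizer-token CSRF protection for a
// content-preview endpoint. Names and the session/form keys are assumptions.
declare(strict_types=1);

const CSRF_SESSION_KEY = 'csrf_preview_token'; // assumed session key
const CSRF_FIELD       = '_csrf_token';        // assumed hidden form field

// Issue a per-session token (or reuse the existing one). The server embeds
// it in the preview form; a page on another origin cannot read it.
function csrf_token(array &$session): string
{
    if (empty($session[CSRF_SESSION_KEY])) {
        $session[CSRF_SESSION_KEY] = bin2hex(random_bytes(32));
    }
    return $session[CSRF_SESSION_KEY];
}

// Compare the submitted token with the session copy in constant time.
function verify_csrf_token(array $session, ?string $submitted): bool
{
    if (!isset($session[CSRF_SESSION_KEY]) || $submitted === null) {
        return false;
    }
    return hash_equals($session[CSRF_SESSION_KEY], $submitted);
}

// Vulnerable shape: any POST that arrives with the editor's session cookie is
// rendered, so the server cannot tell a forged cross-site form post from the
// editor's own submission.
function preview_vulnerable(array $post, callable $render): array
{
    return ['status' => 200, 'body' => $render($post['content'] ?? '')];
}

// Hardened shape: refuse the request before touching the content unless the
// token in the POST body matches the one bound to this session.
function preview_hardened(array $session, array $post, callable $render): array
{
    if (!verify_csrf_token($session, $post[CSRF_FIELD] ?? null)) {
        return ['status' => 403, 'body' => 'Invalid CSRF token'];
    }
    return ['status' => 200, 'body' => $render($post['content'] ?? '')];
}

// Demonstration with a constructed session and two constructed POST bodies.
$session = [];
$render  = fn(string $markup): string =>
    '<div class="preview">' . htmlspecialchars($markup, ENT_QUOTES, 'UTF-8') . '</div>';

// Legitimate editor request: the form carried the token issued for this session.
$legitimate = [CSRF_FIELD => csrf_token($session), 'content' => 'Draft article'];
// Cross-site request: it rides on the session cookie but carries no valid token.
$crossSite  = ['content' => 'Injected draft'];

foreach (['legitimate' => $legitimate, 'cross-site' => $crossSite] as $label => $post) {
    $old = preview_vulnerable($post, $render);
    $new = preview_hardened($session, $post, $render);
    printf("%-11s vulnerable=%d hardened=%d %s\n",
        $label, $old['status'], $new['status'], $new['body']);
}
```

The hardened handler fails closed: a missing session token, a missing form field, or a mismatch all produce the same 403 before any content is rendered, and hash_equals avoids leaking the token through timing differences.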


WAF Protection Rules

WAF Rule

### Impact

Bolt CMS lacked CSRF protection in the preview generating endpoint. Previews are intended to be generated by the admins, developers, chief-editors, and editors, who are authorized to create content in the application. But due to lack of p
