
Unrestricted Upload of File with Dangerous Type in BoltWire

Advisory ID: HTB23218
Vulnerable Versions: 4.10 and probably prior
Tested Version: 4.10
Advisory Publication: June 11, 2014 [without technical details]
Vendor Notification: June 11, 2014
Vendor Fix: June 19, 2014
Public Disclosure: July 2, 2014
Latest Update: June 19, 2014
Vulnerability Type: Unrestricted Upload of File with Dangerous Type [CWE-434]
CVE Reference: CVE-2014-4169
Risk Level: Critical
CVSSv2 Base Score: 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Solution Status: Fixed by Vendor
Discovered and Provided: High-Tech Bridge Security Research Lab

Advisory Details:

High-Tech Bridge Security Research Lab discovered a vulnerability in BoltWire, which can be exploited to execute arbitrary PHP code on the target system and gain complete control over the vulnerable web application.

1) Unrestricted Upload of File with Dangerous Type in BoltWire: CVE-2014-4169

The vulnerability exists due to insufficient validation of the filename when uploading files via the "/index.php" script. A remote authenticated attacker can upload an arbitrary file with the ".txt" extension and then rename it to ".php" using a specially crafted HTTP POST request. Successful exploitation requires valid user credentials, but registration is open to anyone by default. The vulnerability allows execution of arbitrary PHP code with the privileges of the web server and can lead to complete compromise of the website.
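As an added illustration (not BoltWire's code and not part of the original advisory), the snippet below reconstructs the unsafe pattern the advisory describes, where the extension check is applied to the uploaded name while the separate "filename" field renames the stored file unchecked, and puts a hardened variant next to it that validates the name actually written to disk. ALLOWED_EXTENSIONS, the regular expression and the function names are assumptions made for this example.

```python
import posixpath
import re
from typing import Optional

# Constructed allowlist for this example; BoltWire's own list is not given in the advisory.
ALLOWED_EXTENSIONS = {"txt", "png", "jpg", "gif", "pdf"}

# One dot-free base name plus exactly one extension, conservative character set.
_NAME_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9_-]{0,63}\.[A-Za-z0-9]{1,8}$")


def vulnerable_target_name(uploaded_name: str, requested_name: Optional[str]) -> str:
    """Hypothetical reconstruction of the HTB23218 flaw: the extension check runs
    against the client-supplied upload name, and the optional 'filename' field then
    renames the stored file without being checked again."""
    ext = uploaded_name.rsplit(".", 1)[-1].lower()
    if ext not in ALLOWED_EXTENSIONS:
        raise ValueError("extension not allowed")
    return requested_name or uploaded_name  # rename is trusted as-is


def safe_target_name(uploaded_name: str, requested_name: Optional[str]) -> str:
    """Hardened variant: validate the name that will actually be written to disk."""
    final = requested_name or uploaded_name
    # Reject any directory component rather than silently stripping it.
    if posixpath.basename(final.replace("\\", "/")) != final:
        raise ValueError("path separators not allowed")
    # Exactly one extension: 'file.php.txt' and 'file.txt.php' both fail here.
    if not _NAME_RE.match(final):
        raise ValueError("invalid filename")
    if final.rsplit(".", 1)[1].lower() not in ALLOWED_EXTENSIONS:
        raise ValueError("extension not allowed")
    return final


def rename_is_rejected(uploaded_name: str, requested_name: Optional[str]) -> bool:
    """True when the hardened check refuses the requested stored name."""
    try:
        safe_target_name(uploaded_name, requested_name)
    except ValueError:
        return True
    return False
```

With the constructed allowlist, a "file.txt" upload renamed to "file.php" passes the vulnerable check but is refused by the hardened one, as is a rename carrying a directory component or a second extension.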

The following dump of the HTTP POST request illustrates the upload of a file named "file.txt" and its renaming to "file.php", with contents that allow execution of arbitrary system commands:

POST /index.php?p=action.upload HTTP/1.1
Connection: keep-alive
Content-Type: multipart/form-data; boundary=---------------------------312591666129281
Content-Length: 538

Content-Disposition: form-data; name="boltkey"

Content-Disposition: form-data; name="upload"; filename="file.txt"
Content-Type: text/plain


-----------------------------312591666129281
Content-Disposition: form-data; name="filename"

Content-Disposition: form-data; name="submit"


The uploaded file will be accessible using the following URL:



Solution:

Update to BoltWire 4.11
