Vulmon
bolt vulnerabilities and exploits
CVE-2020-28925 (CVSSv3 5.3)
Bolt prior to 3.7.2 does not restrict filter options in a Request in the Twig context, and is therefore inconsistent with the "How to Harden Your PHP for Better Security" guidance.
Boltcms Bolt
CVE-2022-31321 (CVSSv3 9.1)
The foldername parameter in Bolt 5.1.7 lacks proper input validation, allowing attackers to perform directory enumeration or cause a Denial of Service (DoS) via crafted input.
Boltcms Bolt
CVE-2019-15484 (CVSSv3 6.1)
Bolt prior to 3.6.10 has XSS via an image's alt or title field.
Boltcms Bolt
CVE-2021-27367 (CVSSv3 7.5)
Controller/Backend/FileEditController.php and Controller/Backend/FilemanagerController.php in Bolt prior to 4.1.13 allow directory traversal.
Boltcms Bolt
CVE-2019-9185 (CVSSv3 8.8)
Controller/Async/FilesystemManager.php in the filemanager in Bolt prior to 3.6.5 allows a remote attacker to execute arbitrary PHP code by renaming a previously uploaded file so that it has a .php extension.
Boltcms Bolt
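The file-manager entries above (the unvalidated foldername parameter, directory traversal in the backend file controllers, and renaming an uploaded file to a .php extension) share one root cause: a user-supplied path or filename reaches the filesystem layer without being confined to the files root and without an extension allow-list. The following PHP is an added example and not Bolt's own code; the function names, the ALLOWED_EXTENSIONS and EXECUTABLE_SEGMENTS lists, and the files root are assumptions chosen for illustration. It shows the two checks a rename (or createFolder/createFile/upload) endpoint needs and runs them over constructed sample requests.

```php
<?php
// Added example, not Bolt's own code. Function names, the allow-list and the
// files root below are assumptions chosen for illustration.
declare(strict_types=1);

/** Extensions the file manager may create, upload or rename to (hypothetical). */
const ALLOWED_EXTENSIONS = ['jpg', 'jpeg', 'png', 'gif', 'pdf', 'txt', 'md'];

/** Name segments that must never appear anywhere in a filename, so that
 *  "shell.php.jpg" is rejected even though its last extension is allowed. */
const EXECUTABLE_SEGMENTS = ['php', 'php3', 'php4', 'php5', 'php7', 'phtml',
                             'phar', 'phps', 'pht', 'shtml', 'cgi', 'htaccess'];

/**
 * Confine a user-supplied path to $baseDir by normalising it as a string.
 * No filesystem access, so it also covers paths that do not exist yet
 * (a folder about to be created). Absolute input is treated as relative to
 * $baseDir. Returns the confined absolute path, or null if the input would
 * climb above $baseDir or contains a NUL byte.
 */
function confinePath(string $baseDir, string $userPath): ?string
{
    if (strpos($userPath, "\0") !== false) {
        return null;                       // NUL truncates C-level paths
    }
    $segments = [];
    foreach (preg_split('~[\\\\/]+~', $userPath) as $segment) {
        if ($segment === '' || $segment === '.') {
            continue;                      // empty or current-dir segment
        }
        if ($segment === '..') {
            if ($segments === []) {
                return null;               // would escape the files root
            }
            array_pop($segments);
            continue;
        }
        $segments[] = $segment;
    }
    $base = rtrim($baseDir, '/');
    return $segments === [] ? $base : $base . '/' . implode('/', $segments);
}

/**
 * Allow-list check on the final extension plus a deny-list over every
 * dotted segment, compared case-insensitively so "cat.PHP" is rejected.
 * Dotfiles and names without an extension are rejected.
 */
function hasAllowedExtension(string $path): bool
{
    $name = strtolower(basename($path));
    $parts = explode('.', $name);
    if (count($parts) < 2 || $parts[0] === '') {
        return false;
    }
    foreach (array_slice($parts, 1) as $segment) {
        if (in_array($segment, EXECUTABLE_SEGMENTS, true)) {
            return false;
        }
    }
    return in_array(end($parts), ALLOWED_EXTENSIONS, true);
}

/**
 * Validate a rename request. Returns the confined destination path, or null
 * if source or destination leaves $baseDir or the destination would be
 * executable. The same two checks apply to createFolder/createFile/upload.
 */
function validateRename(string $baseDir, string $from, string $to): ?string
{
    $src = confinePath($baseDir, $from);
    $dst = confinePath($baseDir, $to);
    if ($src === null || $dst === null || !hasAllowedExtension($dst)) {
        return null;
    }
    return $dst;
}

// Constructed sample requests in the shapes the entries above describe.
$filesRoot = '/var/www/bolt/public/files';
$requests = [
    ['photos/cat.jpg', 'photos/kitten.jpg'],       // legitimate rename
    ['photos/cat.jpg', 'photos/cat.php'],          // rename to .php
    ['photos/cat.jpg', 'photos/cat.PHP'],          // case variant
    ['photos/cat.jpg', 'photos/cat.php.jpg'],      // double extension
    ['photos/cat.jpg', 'photos/.htaccess'],        // dotfile, server config
    ['../../config/config.yml', 'photos/x.txt'],   // traversal out of the root
    ["photos/cat.jpg\0.txt", 'photos/x.txt'],      // NUL truncation
];
foreach ($requests as [$from, $to]) {
    $result = validateRename($filesRoot, $from, $to);
    printf("%-26s -> %-18s %s\n", addcslashes($from, "\0"), $to,
           $result === null ? 'REJECTED' : 'ok: ' . $result);
}
```

Run it with `php example.php`; only the first request is accepted. Two design points matter for the entries on this page: the allow-list lives in code, not in a configuration file that a backend request can edit (the CSRF entry for CVE-2019-10874 shows what happens when it does), and the check is string-based so it applies before anything touches the disk. As defence in depth, the web server should also be configured not to execute scripts under the files root at all, since an allow-list only covers the names this code sees.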
CVE-2019-15483 (CVSSv3 6.1)
Bolt prior to 3.6.10 has XSS via a title that is mishandled in the system log.
Boltcms Bolt
CVE-2019-15485 (CVSSv3 6.1)
Bolt prior to 3.6.10 has XSS via createFolder or createFile in Controller/Async/FilesystemManager.php.
Boltcms Bolt
CVE-2019-10874 (CVSSv3 8.8)
Cross Site Request Forgery (CSRF) in the bolt/upload File Upload feature in Bolt CMS 3.6.6 allows remote attackers to execute arbitrary code via forged requests that upload a JavaScript file and add executable extensions to the file/edit/config/config.yml configuration file.
Boltcms Bolt 3.6.6
1 EDB exploit
CVE-2019-20058 (CVSSv3 6.1)
Bolt 3.7.0, if the Symfony Web Profiler is used, allows XSS because unsanitized search?search= input is shown on the _profiler page. NOTE: this is disputed because profiling was never intended for use in production. This is related to CVE-2018-12040.
Boltcms Bolt 3.7.0
CVE-2019-9553 (CVSSv3 6.1)
Bolt 3.6.4 has XSS via the slug, teaser, or title parameter to editcontent/pages, a related issue to CVE-2017-11128 and CVE-2018-19933.
Boltcms Bolt 3.6.4
1 EDB exploit