Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bolt vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2022-36532
Bolt CMS contains a vulnerability in version 5.1.12 and below that allows an authenticated user with the ROLE_EDITOR privileges to upload and rename a malicious file to achieve remote code execution.
Bolt Bolt Cms
6.1
CVSSv3
CVE-2018-19933
Bolt CMS <3.6.2 allows XSS via text input click preview button as demonstrated by the Title field of a Configured and New Entry.
Bolt Bolt Cms
1 Github repository
8.8
CVSSv3
CVE-2021-40219
Bolt CMS <= 4.2 is vulnerable to Remote Code Execution. Unsafe theme rendering allows an authenticated malicious user to edit theme to inject server-side template injection that leads to remote code execution.
Bolt Bolt Cms
1 Github repository
5.4
CVSSv3
CVE-2017-11127
Bolt CMS 3.2.14 allows stored XSS by uploading an SVG document with a "Content-Type: image/svg+xml" header.
Bolt Bolt Cms 3.2.14
5.4
CVSSv3
CVE-2017-11128
Bolt CMS 3.2.14 allows stored XSS via text input, as demonstrated by the Title field of a New Entry.
Bolt Bolt Cms 3.2.14
6.1
CVSSv3
CVE-2019-15484
Bolt prior to 3.6.10 has XSS via an image's alt or title field.
Boltcms Bolt
5.3
CVSSv3
CVE-2020-28925
Bolt prior to 3.7.2 does not restrict filter options in a Request in the Twig context, and is therefore inconsistent with the "How to Harden Your PHP for Better Security" guidance.
Boltcms Bolt
NA
CVE-2015-7309
The theme editor in Bolt prior to 2.2.5 does not check the file extension when renaming files, which allows remote authenticated users to execute arbitrary code by renaming a crafted file and then directly accessing it.
Boltcms Bolt
1 EDB exploit
8.8
CVSSv3
CVE-2019-9185
Controller/Async/FilesystemManager.php in the filemanager in Bolt prior to 3.6.5 allows remote malicious users to execute arbitrary PHP code by renaming a previously uploaded file to have a .php extension.
Boltcms Bolt
5.3
CVSSv3
CVE-2017-16754
Bolt prior to 3.3.6 does not properly restrict access to _profiler routes, related to EventListener/ProfilerListener.php and Provider/EventListenerServiceProvider.php.
Boltcms Bolt
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »