Packagist (Composer) package
bolt/core
pkg:composer/bolt/core
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-40219 | Hig | 8.8 | <= 4.2 | — | Apr 11, 2022 | Bolt CMS <= 4.2 is vulnerable to Remote Code Execution. Unsafe theme rendering allows an authenticated attacker to edit theme to inject server-side template injection that leads to remote code execution. | |
| CVE-2021-27367 | Hig | 7.5 | < 4.1.13 | 4.1.13 | Feb 17, 2021 | Controller/Backend/FileEditController.php and Controller/Backend/FilemanagerController.php in Bolt before 4.1.13 allow Directory Traversal. |
- affected <= 4.2
Bolt CMS <= 4.2 is vulnerable to Remote Code Execution. Unsafe theme rendering allows an authenticated attacker to edit theme to inject server-side template injection that leads to remote code execution.
- affected < 4.1.13fixed 4.1.13
Controller/Backend/FileEditController.php and Controller/Backend/FilemanagerController.php in Bolt before 4.1.13 allow Directory Traversal.