VYPR

Packagist (Composer) package

bolt/core

pkg:composer/bolt/core

Vulnerabilities (2)

  • CVE-2021-40219HigApr 11, 2022
    affected <= 4.2

    Bolt CMS <= 4.2 is vulnerable to Remote Code Execution. Unsafe theme rendering allows an authenticated attacker to edit theme to inject server-side template injection that leads to remote code execution.

  • CVE-2021-27367HigFeb 17, 2021
    affected < 4.1.13fixed 4.1.13

    Controller/Backend/FileEditController.php and Controller/Backend/FilemanagerController.php in Bolt before 4.1.13 allow Directory Traversal.