Bolt
by Boltcms
Source repositories
- https://github.com/bolt/bolt (archived)
CVEs (12)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-39229 | | Med | 0.35 | 6.5 | 0.00 | | May 29, 2026 | Bolt CMS through 3.7.0 allows SQL Injection in the 'order' parameter of the content listing pages. An authenticated attacker with low-level privileges can exploit this through the OrderDirective component. This allows for the extraction of sensitive information |
| CVE-2017-11128 | | Med | 0.35 | 5.4 | 0.01 | | Jul 17, 2017 | Bolt CMS 3.2.14 allows stored XSS via text input, as demonstrated by the Title field of a New Entry. |
| CVE-2017-11127 | | Med | 0.35 | 5.4 | 0.01 | | Jul 17, 2017 | Bolt CMS 3.2.14 allows stored XSS by uploading an SVG document with a "Content-Type: image/svg+xml" header. |
| CVE-2017-16754 | | Med | 0.28 | 5.3 | 0.02 | | Nov 10, 2017 | Bolt before 3.3.6 does not properly restrict access to _profiler routes, related to EventListener/ProfilerListener.php and Provider/EventListenerServiceProvider.php. |
| CVE-2026-11511 | | Low | 0.23 | 3.5 | 0.00 | | Jun 8, 2026 | A weakness has been identified in Bolt CMS up to 3.7.5. This vulnerability affects unknown code of the file src/Storage/Field/Type/TextType.php of the component HTML Attribute Handler. Executing a manipulation of the argument style can lead to HTML injection. It is possible to… |
| CVE-2015-7309 | | | 0.06 | — | 0.39 | | Sep 22, 2015 | The theme editor in Bolt before 2.2.5 does not check the file extension when renaming files, which allows remote authenticated users to execute arbitrary code by renaming a crafted file and then directly accessing it. |
| CVE-2019-10874 | | | 0.03 | — | 0.05 | | Apr 5, 2019 | Cross Site Request Forgery (CSRF) in the bolt/upload File Upload feature in Bolt CMS 3.6.6 allows remote attackers to execute arbitrary code by uploading a JavaScript file to include executable extensions in the file/edit/config/config.yml configuration file. |
| CVE-2022-36532 | | | 0.02 | — | 0.25 | | Sep 16, 2022 | Bolt CMS contains a vulnerability in version 5.1.12 and below that allows an authenticated user with the ROLE_EDITOR privileges to upload and rename a malicious file to achieve remote code execution. |
| CVE-2024-7299 | | | 0.00 | — | 0.00 | | Jul 31, 2024 | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Bolt CMS 3.7.1. It has been rated as problematic. This issue affects some unknown processing of the file /preview/page of the component Entry Preview Handler. The manipulation of the argument body leads to cross site… |
| CVE-2022-2394 | | | 0.00 | — | 0.00 | | Jul 19, 2022 | Puppet Bolt prior to version 3.24.0 will print sensitive parameters when planning a run, resulting in them potentially being logged when run programmatically, such as via Puppet Enterprise. |
| CVE-2019-20058 | | | 0.00 | — | 0.01 | | Dec 29, 2019 | Bolt 3.7.0, if Symfony Web Profiler is used, allows XSS because unsanitized search?search= input is shown on the _profiler page. NOTE: this is disputed because profiling was never intended for use in production. This is related to CVE-2018-12040. |
| CVE-2019-9185 | | | 0.00 | — | 0.03 | | Mar 7, 2019 | Controller/Async/FilesystemManager.php in the filemanager in Bolt before 3.6.5 allows remote attackers to execute arbitrary PHP code by renaming a previously uploaded file to have a .php extension. |