Boltcms

Bolt

19 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2025-34086

Exploit
  • EPSS 50.83%
  • Veröffentlicht 03.07.2025 19:46:16
  • Zuletzt bearbeitet 16.09.2025 19:51:00

Bolt CMS versions 3.7.0 and earlier contain a chain of vulnerabilities that together allow an authenticated user to achieve remote code execution. A user with valid credentials can inject arbitrary PHP code into the displayname field of the user prof...

5.4

CVE-2024-7300

Exploit
  • EPSS 0.17%
  • Veröffentlicht 31.07.2024 07:15:02
  • Zuletzt bearbeitet 13.02.2025 17:52:43

A vulnerability classified as problematic has been found in Bolt CMS 3.7.1. Affected is an unknown function of the file /bolt/editcontent/showcases of the component Showcase Creation Handler. The manipulation of the argument title/textarea leads to c...

5.4

CVE-2024-7299

Exploit
  • EPSS 0.18%
  • Veröffentlicht 31.07.2024 07:15:02
  • Zuletzt bearbeitet 13.02.2025 17:52:48

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Bolt CMS 3.7.1. It has been rated as problematic. This issue affects some unknown processing of the file /preview/page of the component Entry Preview Handler. The manipulation of the argume...

9.1

CVE-2022-31321

  • EPSS 0.43%
  • Veröffentlicht 01.08.2022 20:15:08
  • Zuletzt bearbeitet 21.11.2024 07:04:19

The foldername parameter in Bolt 5.1.7 was discovered to have incorrect input validation, allowing attackers to perform directory enumeration or cause a Denial of Service (DoS) via a crafted input.

7.5

CVE-2021-27367

  • EPSS 0.27%
  • Veröffentlicht 17.02.2021 21:15:13
  • Zuletzt bearbeitet 21.11.2024 05:57:51

Controller/Backend/FileEditController.php and Controller/Backend/FilemanagerController.php in Bolt before 4.1.13 allow Directory Traversal.

5.3

CVE-2020-28925

  • EPSS 0.34%
  • Veröffentlicht 30.12.2020 19:15:13
  • Zuletzt bearbeitet 21.11.2024 05:23:18

Bolt before 3.7.2 does not restrict filter options in a Request in the Twig context, and is therefore inconsistent with the "How to Harden Your PHP for Better Security" guidance.

6.1

CVE-2020-4041

Exploit
  • EPSS 0.44%
  • Veröffentlicht 08.06.2020 22:15:10
  • Zuletzt bearbeitet 21.11.2024 05:32:12

In Bolt CMS before version 3.7.1, the filename of uploaded files was vulnerable to stored XSS. It is not possible to inject javascript code in the file name when creating/uploading the file. But, once created/uploaded, it can be renamed to inject the...

4.3

CVE-2020-4040

Exploit
  • EPSS 0.5%
  • Veröffentlicht 08.06.2020 22:15:10
  • Zuletzt bearbeitet 21.11.2024 05:32:12

Bolt CMS before version 3.7.1 lacked CSRF protection in the preview generating endpoint. Previews are intended to be generated by the admins, developers, chief-editors, and editors, who are authorized to create content in the application. But due to ...

6.1

CVE-2019-9553

Exploit
  • EPSS 0.99%
  • Veröffentlicht 31.12.2019 17:15:11
  • Zuletzt bearbeitet 21.11.2024 04:51:50

Bolt 3.6.4 has XSS via the slug, teaser, or title parameter to editcontent/pages, a related issue to CVE-2017-11128 and CVE-2018-19933.

6.1

CVE-2019-20058

Exploit
  • EPSS 0.33%
  • Veröffentlicht 29.12.2019 19:15:11
  • Zuletzt bearbeitet 21.11.2024 04:37:59

Bolt 3.7.0, if Symfony Web Profiler is used, allows XSS because unsanitized search?search= input is shown on the _profiler page. NOTE: this is disputed because profiling was never intended for use in production. This is related to CVE-2018-12040