Code Injection in Bolt CMS

2022-04-1200:00:34

Google

osv.dev

0.072 Low

EPSS

Percentile

94.1%

JSON

Bolt CMS <= 4.2 is vulnerable to Remote Code Execution. Unsafe theme rendering allows an authenticated attacker to edit theme to inject server-side template injection that leads to remote code execution.

CPENameOperatorVersion
bolt/coreeq4.0.0-rc.5
bolt/coreeq4.0.0-rc.39
bolt/coreeq4.0.0-beta.2.9
bolt/coreeq4.0.0-beta.2.1
bolt/coreeq4.0.0-rc.23
bolt/coreeq4.0.0-rc.37
bolt/coreeq4.0.0-beta.1.3
bolt/coreeq4.0.0-rc.12
bolt/coreeq4.0.0-beta.1.1
bolt/coreeq4.0.0-beta.4.4

Name	Operator	Version
bolt/core	eq	4.0.0-rc.5
bolt/core	eq	4.0.0-rc.39
bolt/core	eq	4.0.0-beta.2.9
bolt/core	eq	4.0.0-beta.2.1
bolt/core	eq	4.0.0-rc.23
bolt/core	eq	4.0.0-rc.37
bolt/core	eq	4.0.0-beta.1.3
bolt/core	eq	4.0.0-rc.12
bolt/core	eq	4.0.0-beta.1.1
bolt/core	eq	4.0.0-beta.4.4