Remote Code Execution Vulnerability in Bolt CMS by Bolt
CVE-2021-40219

8.8 HIGH

Key Information:

Vendor:
Bolt
Status:
Vendor
CVE Published:
11 April 2022

What is CVE-2021-40219?

Bolt CMS versions up to 4.2 are susceptible to a Remote Code Execution vulnerability caused by unsafe theme rendering. An authenticated attacker can modify a theme to inject server-side template commands, which the server then renders, leading to unauthorized code execution on the server. Because the flaw requires only low-privilege authenticated access over the network, users should update their installations and follow standard security practices to mitigate the risk.

EPSS Score

5% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
