Описание
Code Injection in Bolt CMS
Bolt CMS <= 4.2 is vulnerable to Remote Code Execution. Unsafe theme rendering allows an authenticated attacker to edit theme to inject server-side template injection that leads to remote code execution.
Пакеты
Наименование
bolt/core
composer
Затронутые версииВерсия исправления
<= 4.2
Отсутствует
Связанные уязвимости
CVSS3: 8.8
nvd
почти 4 года назад
Bolt CMS <= 4.2 is vulnerable to Remote Code Execution. Unsafe theme rendering allows an authenticated attacker to edit theme to inject server-side template injection that leads to remote code execution.