CVE-2021-40219
Published 2022-04-11
Priority: P3 · 56 · high · CVSS 3.1 base score 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS: 3.32% (87.1st percentile)
Bolt CMS <= 4.2 is vulnerable to Remote Code Execution. Unsafe theme rendering allows an authenticated attacker to edit a theme and perform server-side template injection that leads to remote code execution.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| bolt | bolt_cms | <= 4.2.0 | — |
| bolt | core | 0 – 4.2 | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | 2.0 | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
OSV
Code Injection in Bolt CMS (osv · 2022-04-12 · CVE-2021-40219 · HIGH)
GHSA
Code Injection in Bolt CMS (ghsa · 2022-04-12 · CVE-2021-40219 · HIGH · CWE-94)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
http://boltcms.com
https://github.com/bolt/core
https://github.com/bolt/core/blob/3b21a73ebf519b76756d3ad2841312d10ef11461/src/Controller/Frontend/TemplateController.php
https://github.com/iiSiLvEr/CVEs/tree/main/CVE-2021-40219