Vulnerabilities > Boltcms > Bolt > 3.7.1

DATE CVE VULNERABILITY TITLE RISK
2021-02-17 CVE-2021-27367 Path Traversal vulnerability in Boltcms Bolt
Controller/Backend/FileEditController.php and Controller/Backend/FilemanagerController.php in Bolt before 4.1.13 allow Directory Traversal.
network
low complexity
boltcms CWE-22
5.0
5.0
2020-12-30 CVE-2020-28925 Unspecified vulnerability in Boltcms Bolt
Bolt before 3.7.2 does not restrict filter options in a Request in the Twig context, and is therefore inconsistent with the "How to Harden Your PHP for Better Security" guidance.
network
low complexity
boltcms
5.0
5.0