CNNVD-202507-316 Information
CNNVD ID
CNNVD-202507-316
Related CVE
- CNNVD Published: 2025-07-03
Description (Chinese)
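Bolt CMS is an open-source, PHP-based content management system from Bolt CMS. Bolt CMS 3.7.0 and earlier versions contain a security vulnerability that stems from allowing authenticated users to inject arbitrary PHP code into the displayname field, which may lead to remote code execution.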
Description (English)
Bolt CMS is a PHP-based open-source content management system. Bolt CMS 3.7.0 and earlier versions contain a security vulnerability: authenticated users are allowed to inject arbitrary PHP code into the displayname field, which may result in remote code execution.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
Bolt CMS
Published
2025-07-03
Last Modified
2026-02-24
References
https://boltcms.io/newsitem/major-announcements-bolt-3-eol-bolt-4-2-5-0-releases
https://github.com/bolt/bolt
https://github.com/bolt/bolt/releases/tag/3.7.1
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/bolt_authenticated_rce.rb
https://www.exploit-db.com/exploits/48296
https://www.rapid7.com/db/modules/exploit/unix/webapp/bolt_authenticated_rce/
Patch
https://github.com/bolt/bolt/releases