EPSS
Percentile
54.1%
bolt/core is vulnerable to path traversal. The vulnerability exists as it does not properly handle the path string in Controller/Backend/FileEditController.php and Controller/Backend/FilemanagerController.php, allowing directory traversal.
path
github.com/bolt/core/commit/3249a212f2be53db14a3fed57155488c28933641
github.com/bolt/core/commit/a10b0624d08b5866715dc5d7668b9a87d10e8c51
github.com/bolt/core/pull/2371
github.com/bolt/core/releases/tag/4.1.13