Bolt is vulnerable to arbitrary code execution. The library does not properly check the file type during file uploads, and the theme editor allows file extensions to be renamed. This allows a malicious user to inject and execute arbitrary PHP code by uploading a PHP file saved with a different file extension and renaming it with the theme editor before accessing it.
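The gap described above closes only when the same file name check runs on both the upload path and the rename path. The following is an added example, not Bolt's code and not the project's fix; the function names, the allow-list and the sample rename requests are all assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical allow-list for uploads and theme-editor renames (an assumption, not Bolt's configuration).
const ALLOWED_EXTENSIONS = ['twig', 'html', 'css', 'js', 'yml', 'txt', 'md', 'png', 'jpg', 'gif'];

// Suffixes commonly mapped to the PHP handler; rejected anywhere in the name.
const EXECUTABLE_PATTERN = '/^(php\d?|phtml|pht|phar)$/';

/** Decide whether a file name is acceptable as an upload name or a rename target. */
function isAllowedFilename(string $name): bool
{
    $base = basename(str_replace('\\', '/', $name));
    // Reject empty names, dotfiles such as .htaccess, NUL bytes, trailing dots or spaces.
    if ($base === '' || $base[0] === '.' || strpos($base, "\0") !== false
        || rtrim($base, '. ') !== $base) {
        return false;
    }
    $parts = explode('.', strtolower($base));
    if (count($parts) < 2) {
        return false; // no extension at all
    }
    array_shift($parts);          // drop the stem
    $final = array_pop($parts);   // the extension the server will normally act on
    if (!in_array($final, ALLOWED_EXTENSIONS, true)) {
        return false;
    }
    // Inner segments: "logo.php.png" can still execute under some handler configurations.
    foreach ($parts as $segment) {
        if (preg_match(EXECUTABLE_PATTERN, $segment) === 1) {
            return false;
        }
    }
    return true;
}

/** A rename is allowed only if the destination passes the same check as an upload. */
function canRename(string $from, string $to): bool
{
    return isAllowedFilename($from) && isAllowedFilename($to);
}

// Constructed rename requests: [current name, requested name].
$requests = [['notes.txt', 'notes.php'], ['logo.png', 'logo.php.png'],
             ['style.css', 'theme.min.css'], ['readme.txt', '.htaccess']];
foreach ($requests as [$from, $to]) {
    printf("%-10s -> %-14s %s\n", $from, $to, canRename($from, $to) ? 'allow' : 'deny');
}
```

Name checks of this kind are one layer; serving the upload and theme directories with script execution disabled covers names the check misses.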
blog.curesec.com/article/blog/Bolt-224-Code-Execution-44.html
packetstormsecurity.com/files/133539/CMS-Bolt-2.2.4-File-Upload.html
seclists.org/fulldisclosure/2015/Aug/66
www.rapid7.com/db/modules/exploit/multi/http/bolt_file_upload
bolt.cm/item/bolt-2-2-5-released
bolt.cm/newsitem/bolt-2-2-5-released
github.com/bolt/bolt/commit/714a66801b4d84e328c90e1fac300df16f13d66f
www.exploit-db.com/exploits/38196/