Description
Bolt CMS through 3.7.0 allows SQL Injection in the 'order' parameter of the content listing pages. An authenticated attacker with low-level privileges can exploit this through the OrderDirective component. This allows for the extraction of sensitive information.
Published: 2026-05-29
Score: 6.5 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Bolt CMS versions up to and including 3.7.0 contain a flaw in the OrderDirective component that processes the 'order' parameter on content listing pages. The unfiltered parameter permits an authenticated attacker with minimal privileges to inject arbitrary SQL commands. Successful exploitation would allow the attacker to query the database and extract sensitive information, compromising the confidentiality of the application data.

Affected Systems

All Bolt CMS installations on or prior to version 3.7.0 are affected. The vulnerability arises wherever the content listing functionality accepts an 'order' field and does not perform proper sanitisation; no specific operating system, database, or configuration is required beyond authentication.

Risk and Exploitability

The flaw has a CVSS score of 6.5. EPSS is not available, so a precise probability estimate is lacking, but since no privilege escalation is required, any authenticated user with low privileges can potentially exploit the injection. The vulnerability is not listed in the CISA KEV catalog, indicating no publicly known exploitation, yet the potential impact remains significant if an attacker acquires any valid authenticated session.

Generated by OpenCVE AI on May 29, 2026 at 21:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Bolt CMS to the latest release, 3.7.1 or later, which contains the patch for this SQL injection.
  • If an upgrade is delayed, restrict authenticated users from accessing content listing routes that accept the 'order' parameter, or enforce parameter whitelisting to allow only a predefined set of sort fields.
  • Deploy a web application firewall or database monitoring solution to detect and block anomalous SQL query patterns that could indicate exploitation attempts.
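The parameter allowlisting recommended above, as an added example that is not Bolt's own code: a sort value such as `-datepublish,title` is mapped onto a fixed set of column names, and anything outside that set is rejected before any SQL is assembled (the `content` table and its columns are constructed for the demo).

```python
import re
import sqlite3

# Allowlist of sortable columns (constructed for this example, not Bolt's schema)
ALLOWED_SORT_FIELDS = {"id", "title", "datepublish", "datechanged"}

# A sort key is an optional leading '-' (descending) followed by a bare identifier
_SORT_KEY = re.compile(r"^(-?)([A-Za-z_][A-Za-z0-9_]*)$")


def build_order_clause(order_param: str, allowed=ALLOWED_SORT_FIELDS) -> str:
    """Turn a user-supplied 'order' value such as 'title' or '-datepublish'
    into an ORDER BY clause, accepting only allowlisted column names.
    Raises ValueError for anything else, so no request text reaches the SQL."""
    clauses = []
    for key in order_param.split(","):
        m = _SORT_KEY.match(key.strip())
        if m is None or m.group(2) not in allowed:
            raise ValueError(f"unsupported sort field: {key!r}")
        direction = "DESC" if m.group(1) else "ASC"
        # The column name is only emitted after it matched the allowlist
        clauses.append(f'"{m.group(2)}" {direction}')
    return "ORDER BY " + ", ".join(clauses)


def list_content(conn, order_param: str):
    """Content listing query whose ORDER BY comes from validated keys only."""
    sql = "SELECT id, title FROM content " + build_order_clause(order_param)
    return conn.execute(sql).fetchall()


def demo():
    """Constructed data: returns (titles ordered by newest first, bad input rejected)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE content (id INTEGER, title TEXT, datepublish TEXT)")
    conn.executemany("INSERT INTO content VALUES (?, ?, ?)", [
        (1, "Welcome", "2026-01-01"), (2, "About", "2026-03-01"), (3, "Blog", "2026-02-01")])
    ordered = [row[1] for row in list_content(conn, "-datepublish")]
    try:
        list_content(conn, "title, (SELECT 1)")  # not an identifier: never reaches SQL
        rejected = False
    except ValueError:
        rejected = True
    return ordered, rejected
```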


Advisories

No advisories yet.

History

Fri, 29 May 2026 22:15:00 +0000

Type | Values Removed | Values Added
Title | | SQL Injection in Ordering Parameter of Bolt CMS 3.7.0 and Earlier Allowing Data Exfiltration by Authenticated Low‑Privilege Users

Fri, 29 May 2026 20:30:00 +0000

Type | Values Removed | Values Added
Metrics | | cvssV3_1: {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}
 | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 29 May 2026 17:45:00 +0000

Type | Values Removed | Values Added
Title | | SQL Injection in Ordering Parameter of Bolt CMS 3.7.0 and Earlier Allowing Data Exfiltration by Authenticated Low‑Privilege Users
First Time appeared | | Bolt; Bolt bolt Cms
Weaknesses | | CWE-89
Vendors & Products | | Bolt; Bolt bolt Cms

Fri, 29 May 2026 16:15:00 +0000

Type | Values Removed | Values Added
Description | | Bolt CMS through 3.7.0 allows SQL Injection in the 'order' parameter of the content listing pages. An authenticated attacker with low-level privileges can exploit this through the OrderDirective component. This allows for the extraction of sensitive information.
References

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-05-29T19:29:42.941Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-39229

Vulnrichment

Updated: 2026-05-29T19:29:33.795Z

NVD

Status : Deferred

Published: 2026-05-29T16:16:26.723

Modified: 2026-05-29T20:16:23.007

Link: CVE-2026-39229

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-29T22:00:09Z

Weaknesses