CVE-2015-7309

The theme editor in Bolt before 2.2.5 does not check the file extension when renaming files, which allows remote authenticated users to execute arbitrary code by renaming a crafted file and then directly accessing it.

Date published : 2015-09-22

https://bolt.cm/newsitem/bolt-2-2-5-released

https://www.exploit-db.com/exploits/38196/