Bolt CMS versions 3.7.0 and below suffer from cross site request forgery, cross site scripting, and remote shell upload vulnerabilities that when combined can achieve remote code execution in one click.
63f82ab2668cd76e8c576715141ddcdae04ec41e73b11fc6fb4a9139a2bf5851