Bolt CMS versions 3.7.0 and below suffer from cross site request forgery, cross site scripting, and remote shell upload vulnerabilities that when combined can achieve remote code execution in one click.
Support the originator by clicking the read the rest link below.