What is GHSA-j85r-p3j3-xxp2?

GHSA-j85r-p3j3-xxp2 is a security advisory published by GitHub Security Advisories with Medium severity. Bolt CMS through 3.7.0 allows SQL Injection in the 'order' parameter of the content listing pages...

Which CVE IDs does GHSA-j85r-p3j3-xxp2 cover?

GHSA-j85r-p3j3-xxp2 covers the following CVE IDs: CVE-2026-39229. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-j85r-p3j3-xxp2?

GHSA-j85r-p3j3-xxp2 has a CVSS v3 base score of 6.5, published by GitHub Security Advisories.

GHSA-j85r-p3j3-xxp2MediumCVSS 6.5

Bolt CMS through 3.7.0 allows SQL Injection in the 'order' parameter of the content listing pages...

Vendor

GitHub Security Advisories

Published

May 29, 2026

Last Modified

May 29, 2026

🔗 CVE IDs covered (1)

CVE-2026-39229 →

📋 Description

Bolt CMS through 3.7.0 allows SQL Injection in the 'order' parameter of the content listing pages. An authenticated attacker with low-level privileges can exploit this through the OrderDirective component. This allows for the extraction of sensitive information

🔗 References (5)

https://nvd.nist.gov/vuln/detail/CVE-2026-39229
https://boltcms.io
https://github.com/Tonoss-412/My-CVE/blob/main/CVE-2026-39229.md
https://github.com/bolt/bolt
https://github.com/advisories/GHSA-j85r-p3j3-xxp2