4 matches found
CVE-2019-10874
Cross Site Request Forgery CSRF in the bolt/upload File Upload feature in Bolt CMS 3.6.6 allows remote attackers to execute arbitrary code by uploading a JavaScript file to include executable extensions in the file/edit/config/config.yml configuration file...
CVE-2019-10874
Cross Site Request Forgery CSRF in the bolt/upload File Upload feature in Bolt CMS 3.6.6 allows remote attackers to execute arbitrary code by uploading a JavaScript file to include executable extensions in the file/edit/config/config.yml configuration file...
CVE-2019-10874
Cross Site Request Forgery CSRF in the bolt/upload File Upload feature in Bolt CMS 3.6.6 allows remote attackers to execute arbitrary code by uploading a JavaScript file to include executable extensions in the file/edit/config/config.yml configuration file...
CVE-2019-10874
Bolt CMS 3.6.6 is affected by a CSRF in the bolt/upload file upload feature. An attacker can upload a JavaScript file to trigger code execution by manipulating the file/edit/config/config.yml configuration, enabling arbitrary code execution on the server. The vulnerability is described across mul...