Cross Site Request Forgery (CSRF) in the bolt/upload File Upload feature in Bolt CMS 3.6.6 allows remote malicious users to execute arbitrary code by uploading a JavaScript file to include executable extensions in the file/edit/config/config.yml configuration file.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
boltcms bolt 3.6.6 |