Controller/Async/FilesystemManager.php in the filemanager in Bolt prior to 3.6.5 allows remote malicious users to execute arbitrary PHP code by renaming a previously uploaded file to have a .php extension.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
boltcms bolt |