Cross Site Request Forgery (CSRF) in the bolt/upload File Upload feature in Bolt CMS 3.6.6 allows remote attackers to execute arbitrary code by uploading a JavaScript file to include executable extensions in the file/edit/config/config.yml configuration file.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| bolt/bolt(Packagist) | 3.6.6 | 3.6.7 | N/A |
CVSS Metrics
