FelipeGaspar

1 exploit Active since Apr 2019
CVE-2019-10874 EXPLOITDB HIGH html WORKING POC
Bolt CMS 3.6.6 - Cross-Site Request Forgery to Remote Code Execution via File Upload
Cross Site Request Forgery (CSRF) in the bolt/upload File Upload feature in Bolt CMS 3.6.6 allows remote attackers to execute arbitrary code by uploading a JavaScript file to include executable extensions in the file/edit/config/config.yml configuration file.
CVSS 8.8