CVE-2019-17591

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-17591. PoCs published by r3m0t3nu11.

AI-analyzed exploit summary This exploit demonstrates a CSRF vulnerability in Bolt CMS 3.6.10, leading to XSS and potential RCE via file upload and manipulation. It uses XMLHttpRequest to perform unauthorized actions on behalf of an authenticated user.

Description

Bolt CMS 3.6.10 - Cross-Site Request Forgery

Exploits (1)

exploitdb WORKING POC

by r3m0t3nu11 · textwebappsphp

https://www.exploit-db.com/exploits/47501

View Code ZIP pw:eip

This exploit demonstrates a CSRF vulnerability in Bolt CMS 3.6.10, leading to XSS and potential RCE via file upload and manipulation. It uses XMLHttpRequest to perform unauthorized actions on behalf of an authenticated user.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Moderate

Reliability

Reliable

Target: Bolt CMS 3.6.10

Auth required

Prerequisites: Authenticated user session · Access to the target Bolt CMS instance

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Bolt CMS 3.6.10 - Cross-Site Request Forgery

Exploitation Summary

Description

Exploits (1)

Details