CVE-2019-10874

Cross Site Request Forgery (CSRF) in the bolt/upload File Upload feature in Bolt CMS 3.6.6 allows remote attackers to execute arbitrary code by uploading a JavaScript file to include executable extensions in the file/edit/config/config.yml configuration file.

Cross Site Request Forgery (CSRF) in the bolt/upload File Upload feature in Bolt CMS 3.6.6 allows remote attackers to execute arbitrary code by uploading a JavaScript file to include executable extensions in the file/edit/config/config.yml configuration file.

Cross Site Request Forgery (CSRF) in the `bolt/upload` File Upload feature in Bolt CMS 3.6.6 allows remote attackers to execute arbitrary code by uploading a JavaScript file to include executable extensions in the `file/edit/config/config.yml` configuration file.

Cross Site Request Forgery (CSRF) in the `bolt/upload` File Upload feature in Bolt CMS 3.6.6 allows remote attackers to execute arbitrary code by uploading a JavaScript file to include executable extensions in the `file/edit/config/config.yml` configuration file.

Una vulnerabilidad de Cross-Site Request Forgery (CSRF) en la funcionalidad de subida de archivos "bolt/upload" en Bolt CMS, en su versión 3.6.6, permite a los atacantes remotos ejecutar código arbitrario subiendo un archivo JavaScript para incluir extensiones ejecutables en el archivo de configuración en file/edit/config/config.yml.