CVE-2019-9185
Published
CVSS v3
N/A
CVSS v2
6.5
MEDIUM
Affected
1
PROJECT
Description
Controller/Async/FilesystemManager.php in the filemanager in Bolt before 3.6.5 allows remote attackers to execute arbitrary PHP code by renaming a previously uploaded file to have a .php extension.
Bolt is a simple CMS written in PHP. It is based on Silex and Symfony components, uses Twig and either SQLite, MySQL or PostgreSQL.
GitHub