CVE-2020-4040
- Reference to the description:
- Description:
- Bolt CMS before version 3.7.1 lacked CSRF protection in the preview generating endpoint. Previews are intended to be generated by the admins, developers, chief-editors, and editors, who are authorized to create content in the application. But due to lack of proper CSRF protection, unauthorized users could generate a preview. This has been fixed in Bolt 3.7.1
- Last updated date:
- 10/07/2022
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 10/07/2022
- Reference url to background
http://packetstormsecurity.com/files/158299/Bolt-CMS-3.7.0-XSS-CSRF-Shell-Upload.html
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 10/07/2022
- Reference url to background