Controller/Async/FilesystemManager.php in the filemanager in Bolt before 3.6.5 allows remote attackers to execute arbitrary PHP code by renaming a previously uploaded file to have a .php extension.
CVSS Score
8.8
EPSS Score
0.011
Published
2019-03-07
Page 2