CVE-2020-4040

Bolt CMS before version 3.7.1 lacked CSRF protection in the preview generating endpoint. Previews are intended to be generated by the admins, developers, chief-editors, and editors, who are authorized to create content in the application. But due to lack of proper CSRF protection, unauthorized users could generate a preview. This has been fixed in Bolt 3.7.1
Configurations

Configuration 1

cpe:2.3:a:boltcms:bolt:*:*:*:*:*:*:*:*

Information

Published : 2020-06-08 10:15

Updated : 2022-10-07 01:25


NVD link : CVE-2020-4040

Mitre link : CVE-2020-4040

Products Affected
No products.
CWE