This Metasploit module exploits multiple vulnerabilities in Bolt CMS versions 3.7.0 and 3.6.x in order to execute arbitrary commands as the user running Bolt. Valid credentials for a Bolt CMS user are required. This module has been successfully tested against Bolt CMS 3.7.0 running on CentOS 7.
9f2d762b1d8e6bcbc5f7e02bde9b6d95028ec1015c112f2165e2847c2855320d
Bolt CMS version 3.7.0 suffers from an authenticated remote code execution vulnerability.
262facd2f0fdd5ed141e29f22bdab6b54fd025b952333424aa8f80d8ee4f027b
Bolt CMS version 3.6.10 suffers from a cross-site request forgery vulnerability.
542707b978972f0d747d6caecd9f18999f07424eb2c9c2fa696a000f8afbe767
onArcade version 2.4.2 suffers from a cross-site request forgery vulnerability.
54626ca3c318d64213981a9d8cc93fe8af457f70f998f7ee04637a2f570bfd1a