Medu554

**Name of the Vulnerable Software and Affected Versions** Bolt versions prior to 3.6.5 **Description** The issue allows remote attackers to execute arbitrary PHP code by renaming a previously uploaded file to have a .php extension. This is possible due to a flaw in the `Controller/Async/FilesystemManager.php` file in the filemanager. **Recommendations** For versions prior to 3.6.5, update to version 3.6.5 or later to resolve the issue. As a temporary workaround, consider restricting file upload and rename capabilities to minimize the risk of exploitation. Avoid allowing users to upload files with .php extensions until the issue is resolved.