Improper Access Restriction to _profiler Routes in Bolt before 3.3.6

Improper Access Restriction to _profiler Routes in Bolt before 3.3.6

CVE-2017-16754 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

Bolt before 3.3.6 does not properly restrict access to _profiler routes, related to EventListener/ProfilerListener.php and Provider/EventListenerServiceProvider.php.

Learn more about our Web Application Penetration Testing UK.