CVE-2026-1813

Medium CVSS: 5.3

A vulnerability was found in bolo-blog bolo-solo up to 2.6.4. Affected is an unknown function of the file src/main/java/org/b3log/solo/bolo/pic/PicUploadProcessor.java of the component FreeMarker Template Handler. The manipulation of the argument File results in unrestricted upload. It is possible to launch the attack remotely. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.

Vendor

Adlered

Product

Bolo-solo

CWE

CWE-284

Yayın Tarihi

2026-02-04 00:16:08

Güncelleme

2026-03-03 00:19:01

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-284 Bolo-solo MEDIUM Adlered 2026

Referanslar

https://github.com/bolo-blog/bolo-solo/ https://github.com/bolo-blog/bolo-solo/issues/329 https://vuldb.com/?ctiid.343981 https://vuldb.com/?id.343981 https://vuldb.com/?submit.743402

Benzer Kayıtlar

Medium

CVE-2026-1812

A vulnerability has been found in bolo-blog bolo-solo up to 2.6.4. This impacts the function importFromCnblogs of the fi…

Medium

CVE-2026-1811

A flaw has been found in bolo-blog bolo-solo up to 2.6.4. This affects the function importFromMarkdown of the file src/m…

Medium

CVE-2026-1810

A vulnerability was detected in bolo-blog bolo-solo up to 2.6.4. The impacted element is the function unpackFilteredZip…

Medium

CVE-2026-1691

A vulnerability has been found in bolo-solo up to 2.6.4. This impacts the function importMarkdownsSync of the file src/m…