CNNVD-202602-202 Information
CNNVD ID
CNNVD-202602-202
Related CVE
- CNNVD Published: 2026-02-03
Description (Chinese)
bolo-solo是bolo-blog开源的一个博客系统。 bolo-solo 2.6.4及之前版本存在路径遍历漏洞,该漏洞源于文件src/main/java/org/b3log/solo/bolo/prop/BackupService.java中importFromCnblogs函数对参数File的操作不当,可能导致路径遍历攻击。
Description (English)
This post is part of our special coverage Global Voices 2011. bolo-solo 2.6.4 and previous versions have path-to-path loopholes that originate from the inappropriate operation of the ImportFormCnblogs function in file src/main/java/org/b3log/solo/bolo/prop/BackupService.java on parameter File, which may result in a path-to-path attack.
Hazard Level
High
Vulnerability Type
路径遍历
Affected Vendor
bolo-blog
Published
2026-02-03
Last Modified
2026-02-24
References
https://github.com/bolo-blog/bolo-solo/issues/328 https://vuldb.com/?ctiid.343980 https://vuldb.com/?id.343980 https://vuldb.com/?submit.742582 https://access.redhat.com/security/cve/cve-2026-1812
Share on: