CNNVD-202602-217 Information
CNNVD ID
CNNVD-202602-217
Related CVE
-
CNNVD Published: 2026-02-03
Description
bolo-solo is a blog system open-sourced by bolo-blog. bolo-blog bolo-solo 2.6.4 and earlier versions contain a path traversal vulnerability. The vulnerability stems from improper handling of the File parameter by the importFromMarkdown function in the file src/main/java/org/b3log/solo/bolo/prop/BackupService.java, which could lead to a path traversal attack.
Hazard Level
High
Vulnerability Type
Path traversal
Affected Vendor
bolo-blog
Published
2026-02-03
Last Modified
2026-02-24
References
https://github.com/bolo-blog/bolo-solo/issues/327
https://vuldb.com/?submit.742437
https://vuldb.com/?id.343979
https://vuldb.com/?ctiid.343979
https://access.redhat.com/security/cve/cve-2026-1811