CNNVD-202602-251 Information

CNNVD ID

CNNVD-202602-251

Related CVE

CVE-2026-1810

• CNNVD Published: 2026-02-03

Description (Chinese)

bolo-solo是bolo-blog开源的一个博客系统。 bolo-solo 2.6.4及之前版本存在路径遍历漏洞，该漏洞源于文件src/main/java/org/b3log/solo/bolo/prop/BackupService.java中unpackFilteredZip函数对参数File的操作不当，可能导致路径遍历攻击。

Description (English)

This post is part of our special coverage Global Voices 2011. bolo-solo 2.6.4 and previous versions have path-to-path loopholes, which stem from the inappropriate operation of the unpackFiltered Zip function in file src/main/java/org/b3log/solo/bolo/prop/BackupService.java on parameter File, which may result in a path-to-path attack.

Hazard Level

High

Vulnerability Type

路径遍历

Affected Vendor

bolo-blog

Published

2026-02-03

Last Modified

2026-02-24

References

https://github.com/bolo-blog/bolo-solo/issues/326 https://vuldb.com/?id.343978 https://vuldb.com/?ctiid.343978 https://vuldb.com/?submit.742422 https://access.redhat.com/security/cve/cve-2026-1810