CNNVD-202602-532 Information

CNNVD ID

CNNVD-202602-532

Related CVE

CVE-2026-1813

• CNNVD Published: 2026-02-04

Description (Chinese)

bolo-solo是bolo-blog开源的一个博客系统。 bolo-solo 2.6.4及之前版本存在代码问题漏洞，该漏洞源于文件src/main/java/org/b3log/solo/bolo/pic/PicUploadProcessor.java中FreeMarker Template Handler组件对参数File的操作不当，可能导致无限制上传攻击。

Description (English)

This post is part of our special coverage Global Voices 2011. bolo-solo 2.6.4 and previous versions had a code problem loophole, which originated in document src/main/java/org/b3log/solo/bolo/pic/PicUploadProcesor.java ’ s freemarker Template Handler component was not working properly on the parameter File, which could lead to an unlimited upload attack.

Hazard Level

High

Vulnerability Type

代码问题

Affected Vendor

bolo-blog

Published

2026-02-04

Last Modified

2026-02-24

References

https://github.com/bolo-blog/bolo-solo/issues/329 https://vuldb.com/?ctiid.343981 https://vuldb.com/?id.343981 https://vuldb.com/?submit.743402 https://access.redhat.com/security/cve/cve-2026-1813