Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
bolo-blog bolo-solo ZIP File BackupService.java unpackFilteredZip path traversal
Vulnerability Description
A vulnerability was detected in bolo-blog bolo-solo up to 2.6.4. The impacted element is the function unpackFilteredZip of the file src/main/java/org/b3log/solo/bolo/prop/BackupService.java of the component ZIP File Handler. Performing a manipulation of the argument File results in path traversal. The attack is possible to be carried out remotely. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
bolo-solo 路径遍历漏洞
Vulnerability Description
bolo-solo是bolo-blog开源的一个博客系统。 bolo-solo 2.6.4及之前版本存在路径遍历漏洞,该漏洞源于文件src/main/java/org/b3log/solo/bolo/prop/BackupService.java中unpackFilteredZip函数对参数File的操作不当,可能导致路径遍历攻击。
CVSS Information
N/A
Vulnerability Type
N/A