漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
bolo-blog bolo-solo Filename BackupService.java importFromCnblogs path traversal
Vulnerability Description
A vulnerability has been found in bolo-blog bolo-solo up to 2.6.4. This impacts the function importFromCnblogs of the file src/main/java/org/b3log/solo/bolo/prop/BackupService.java of the component Filename Handler. The manipulation of the argument File leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
bolo-solo 路径遍历漏洞
Vulnerability Description
bolo-solo是bolo-blog开源的一个博客系统。 bolo-solo 2.6.4及之前版本存在路径遍历漏洞,该漏洞源于文件src/main/java/org/b3log/solo/bolo/prop/BackupService.java中importFromCnblogs函数对参数File的操作不当,可能导致路径遍历攻击。
CVSS Information
N/A
Vulnerability Type
N/A