Title:

Description:
- The endpoint in Bolo-Solo version 2.6.4 does not properly validate or sanitize user-supplied filenames during blog import operations.
- An unauthenticated remote attacker can craft a malicious HTTP request to write arbitrary content to any writable location on the server filesystem.
- The application allows directory traversal (using sequences like ../) and can write to web-accessible scripts, leading to remote code execution, data tampering, or full system compromise.

Source:
User:
Submission Date:
Moderation Date:
Status:
VulDB Entry: (234380)
Points: