Submission #742422: https://github.com/bolo-blog/bolo-solo/ bolo-solo V2.6.4 Write any file

Information

Title: https://github.com/bolo-blog/bolo-solo/ bolo-solo V2.6.4 Write any file
Description: A path traversal vulnerability exists in the /import/markdown endpoint of bolo-solo version 2.6.4_stable. The application uses an unsafe ZIP extraction routine (unpackFilteredZip) that fails to sanitize or validate file paths within uploaded ZIP archives. Specifically, the function constructs output file paths using new File(outputDir, entryName) without canonicalizing or restricting the entry name to the intended output directory. As a result, an authenticated attacker (typically with admin privileges) can upload a malicious ZIP file containing entries with path traversal sequences (e.g., ../../../etc/passwd or ../../static/poc.html). Upon extraction, arbitrary files can be written to any location on the filesystem where the application process has write permissions. This may lead to remote code execution (e.g., via webshell upload), configuration file overwrite, or denial of service.
Source: https://github.com/bolo-blog/bolo-solo/issues/326
User: MaoQiu (UID 94327)
Submitted: 20/01/2026 03:40 AM (5 months ago)
Moderation: 03/02/2026 03:04 PM (14 days later)
Status: Approved
VulDB Entry: 343978 [bolo-blog bolo-solo up to 2.6.4 ZIP File BackupService.java unpackFilteredZip path traversal]
Points: 20
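As an added illustration (not bolo-solo's own code), here is a ZIP extraction routine in the same language as BackupService.java that performs the check the description says unpackFilteredZip lacks: each entry name is resolved against the output directory and normalized, and any entry that would land outside it is rejected before anything is written. The class and method names are mine.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardCopyOption;
import java.util.zip.ZipEntry;
import java.util.zip.ZipInputStream;

public class SafeZipExtract {

    // Resolve a ZIP entry name against the output directory and refuse any
    // entry whose normalized path would land outside it. new File(outputDir,
    // entryName) performs no such check and accepts "../" segments as-is.
    static Path safeResolve(Path outputDir, String entryName, boolean isDirectory)
            throws IOException {
        Path root = outputDir.toAbsolutePath().normalize();
        // resolve() discards root if entryName is absolute; normalize() folds "..".
        Path target = root.resolve(entryName).normalize();
        // Path.startsWith compares whole name elements, so "/out" vs "/outside"
        // is handled correctly (unlike String.startsWith on the path text).
        if (!target.startsWith(root)) {
            throw new IOException("ZIP entry escapes output directory: " + entryName);
        }
        // A file entry that resolves to the root itself (e.g. "" or "./") is bogus.
        if (!isDirectory && target.equals(root)) {
            throw new IOException("ZIP file entry resolves to output directory: " + entryName);
        }
        return target;
    }

    // Extract a ZIP stream into outputDir, validating every entry before writing.
    static void unpack(InputStream zipStream, Path outputDir) throws IOException {
        try (ZipInputStream zis = new ZipInputStream(zipStream)) {
            ZipEntry entry;
            while ((entry = zis.getNextEntry()) != null) {
                Path target = safeResolve(outputDir, entry.getName(), entry.isDirectory());
                if (entry.isDirectory()) {
                    Files.createDirectories(target);
                } else {
                    Files.createDirectories(target.getParent());
                    Files.copy(zis, target, StandardCopyOption.REPLACE_EXISTING);
                }
                zis.closeEntry();
            }
        }
    }
}
```

Because the check runs on the normalized absolute path, both relative traversal (`../../etc/passwd`) and absolute entry names are rejected with the same test; a rejected entry aborts the import rather than being silently skipped, which is the safer default for an admin-facing restore endpoint.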
