| tiêu đề | https://github.com/bolo-blog/bolo-solo bolo-solo V2.6.4 Arbitrary File Write and Remote Code Execution |
|---|
| Mô tả | A path traversal vulnerability exists in the /import/markdown endpoint of bolo-solo version 2.6.4_stable, which allows authenticated attackers to upload Markdown files with malicious filenames containing directory traversal sequences (e.g., ../). This leads to arbitrary file write on the server filesystem.
Due to the application's use of the FreeMarker template engine, an attacker can overwrite existing .ftl template files (e.g., skins/bolo-sakura/index.ftl) with crafted content that includes FreeMarker expressions invoking dangerous Java classes such as freemarker.template.utility.Execute. When the affected template is rendered, arbitrary OS commands are executed on the underlying system, resulting in Remote Code Execution (RCE). |
|---|
| Nguồn | ⚠️ https://github.com/bolo-blog/bolo-solo/issues/327 |
|---|
| Người dùng | MaoQiu (UID 94327) |
|---|
| Đệ trình | 20/01/2026 04:14 (cách đây 5 các tháng) |
|---|
| Kiểm duyệt | 03/02/2026 15:04 (14 days later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 343979 [bolo-blog bolo-solo đến 2.6.4 Filename BackupService.java importFromMarkdown Tệp tin duyệt thư mục] |
|---|
| điểm | 20 |
|---|