CVE-2026-1813 | bolo-blog bolo-solo up to 2.6.4 FreeMarker Template PicUploadProcessor.java File unrestricted upload (Issue 329)

A vulnerability classified as critical was found in bolo-blog bolo-solo up to 2.6.4. Affected is an unknown function of the file src/main/java/org/b3log/solo/bolo/pic/PicUploadProcessor.java of the component FreeMarker Template Handler. The manipulation of the argument File results in unrestricted upload.

This vulnerability is known as CVE-2026-1813. It is possible to launch the attack remotely. Furthermore, an exploit is available.

The project was informed of the problem early through an issue report but has not responded yet.

CVE-2026-1813 | bolo-blog bolo-solo up to 2.6.4 FreeMarker Template PicUploadProcessor.java File unrestricted upload (Issue 329)

Post correlati

CVE-2024-29143 | Cozmoslabs Passwordless Login Plugin up to 1.1.2 on WordPress cross site scripting

CVE-2024-4423 | CEMI Tomasz Pawełek CemiPark 4.5/4.7/5.03 sql injection

CVE-2024-0514 | Royal Elementor Addons and Templates Plugin up to 1.3.87 on WordPress add_to_compare cross-site request forgery

CVE-2025-54063 | CherryHQ cherry-studio up to 1.5.0 URL code injection