Description
A vulnerability was found in bolo-blog bolo-solo up to 2.6.4. Affected is an unknown function of the file src/main/java/org/b3log/solo/bolo/pic/PicUploadProcessor.java of the component FreeMarker Template Handler. The manipulation of the argument File results in unrestricted upload. It is possible to launch the attack remotely. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.
Published: 2026-02-03
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unrestricted File Upload
Action: Patch ASAP
AI Analysis

Impact

A vulnerability in the FreeMarker Template Handler of bolo-blog bolo-solo permits an attacker to upload arbitrary files because the PicUploadProcessor does not validate the uploaded file's type or name. The flaw is a classic example of improper authorization (CWE-284) combined with unrestricted file upload (CWE-434). Unrestricted upload lets an attacker place malicious script files on the server, potentially leading to remote code execution or other serious compromise. The defect lies in PicUploadProcessor.java and affects versions up to 2.6.4.

Affected Systems

The issue affects the bolo-blog bolo-solo platform version 2.6.4 and earlier. The vulnerable component is the PicUploadProcessor that processes file uploads within the FreeMarker Template Handler. No other versions or modules are explicitly listed as impacted in the current data.

Risk and Exploitability

The CVSS score is 5.3, indicating moderate severity. EPSS is reported as < 1%, suggesting low exploitation probability at present, but the exploit has been made public, so an attacker could still attempt it without much effort. The vulnerability is not yet listed in the CISA KEV catalog. Attackers can exploit it remotely by sending crafted upload requests; no local privileges or complex prerequisites are required. Because it allows uploading of any file type, there is a tangible risk of executing arbitrary code on the web server if the uploaded file is a script.

Generated by OpenCVE AI on April 18, 2026 at 14:07 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to the latest official release (>=2.6.5) once the vendor provides a fix.
  • If a patch is unavailable, enforce MIME type and file-extension checks on the server side to allow only safe image types.
  • Configure the web server to set the upload directory as non-executable, preventing code execution.
  • Restrict the upload endpoint to authenticated users only and apply strict access controls.
  • Consider implementing a WAF rule to reject large or suspicious file uploads.
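The second, third and fourth actions above describe what a hardened upload handler has to do on the server side. The following is an added illustration, not code from bolo-solo or from OpenCVE: a hypothetical `SafeImageUpload` class that allow-lists image extensions, checks that the file's leading bytes match the claimed type, enforces a size limit, and stores the file under a server-chosen name so the client-supplied filename never reaches the filesystem. Making the upload directory non-executable remains a web-server configuration task outside this code.

```java
import java.io.IOException;
import java.nio.file.*;
import java.util.Arrays;
import java.util.Locale;
import java.util.Map;
import java.util.UUID;

/** Hypothetical server-side image upload validator (added example, not part of bolo-solo). */
public final class SafeImageUpload {
    // Allow-listed extension -> leading bytes (magic number) the real content must start with.
    private static final Map<String, byte[]> MAGIC = Map.of(
        "png",  new byte[]{(byte) 0x89, 'P', 'N', 'G'},
        "jpg",  new byte[]{(byte) 0xFF, (byte) 0xD8, (byte) 0xFF},
        "jpeg", new byte[]{(byte) 0xFF, (byte) 0xD8, (byte) 0xFF},
        "gif",  new byte[]{'G', 'I', 'F', '8'});
    private static final long MAX_BYTES = 5L * 1024 * 1024;   // assumed limit for this example

    /** Returns the lowercase extension only if it is on the allow-list, otherwise null. */
    static String allowedExtension(String clientName) {
        int dot = clientName.lastIndexOf('.');
        if (dot < 0 || dot == clientName.length() - 1) return null;
        String ext = clientName.substring(dot + 1).toLowerCase(Locale.ROOT);
        return MAGIC.containsKey(ext) ? ext : null;           // allow-list, never a deny-list
    }

    /** True when the uploaded bytes really start with the magic number of the claimed type. */
    static boolean contentMatches(byte[] data, String ext) {
        byte[] magic = MAGIC.get(ext);
        return data.length >= magic.length && Arrays.equals(Arrays.copyOf(data, magic.length), magic);
    }

    /** Validates and stores the upload; throws IOException with a reason on rejection. */
    static Path store(String clientName, byte[] data, Path uploadDir) throws IOException {
        if (data.length == 0 || data.length > MAX_BYTES) throw new IOException("rejected: empty or oversized");
        String ext = allowedExtension(clientName);
        if (ext == null) throw new IOException("rejected: extension not allow-listed");
        if (!contentMatches(data, ext)) throw new IOException("rejected: content does not match claimed type");
        // Server-chosen name: the client's filename never touches the filesystem, so traversal
        // sequences or double extensions in it cannot influence where or how the file is written.
        Path target = uploadDir.toAbsolutePath().normalize().resolve(UUID.randomUUID() + "." + ext);
        Files.write(target, data, StandardOpenOption.CREATE_NEW);
        return target;
    }

    public static void main(String[] args) throws IOException {
        Path dir = Files.createTempDirectory("uploads");
        byte[] png = {(byte) 0x89, 'P', 'N', 'G', 0x0D, 0x0A, 0x1A, 0x0A};   // constructed PNG header
        System.out.println("stored: " + store("avatar.png", png, dir));
        byte[] text = "not an image".getBytes();                           // constructed non-image body
        try { store("notes.txt.png", text, dir); } catch (IOException e) { System.out.println(e.getMessage()); }
    }
}
```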


Advisories

No advisories yet.

History

Tue, 03 Mar 2026 00:30:00 +0000

First Time appeared (values added): Adlered; Adlered bolo-solo
CPEs (values added): cpe:2.3:a:adlered:bolo-solo:*:*:*:*:*:*:*:*
Vendors & Products (values added): Adlered; Adlered bolo-solo

Wed, 04 Feb 2026 15:15:00 +0000

Metrics (values added): ssvc {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 04 Feb 2026 12:15:00 +0000

First Time appeared (values added): Bolo-blog; Bolo-blog bolo-solo
Vendors & Products (values added): Bolo-blog; Bolo-blog bolo-solo

Tue, 03 Feb 2026 23:45:00 +0000

Description (values added): A vulnerability was found in bolo-blog bolo-solo up to 2.6.4. Affected is an unknown function of the file src/main/java/org/b3log/solo/bolo/pic/PicUploadProcessor.java of the component FreeMarker Template Handler. The manipulation of the argument File results in unrestricted upload. It is possible to launch the attack remotely. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.
Title (values added): bolo-blog bolo-solo FreeMarker Template PicUploadProcessor.java unrestricted upload
Weaknesses (values added): CWE-284; CWE-434
References (values added): none listed
Metrics (values added):
  cvssV2_0 {'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}
  cvssV3_0 {'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
  cvssV3_1 {'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
  cvssV4_0 {'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-02-23T09:16:12.459Z

Reserved: 2026-02-03T14:03:59.072Z

Link: CVE-2026-1813

Vulnrichment

Updated: 2026-02-04T14:18:10.685Z

NVD

Status : Analyzed

Published: 2026-02-04T00:16:08.743

Modified: 2026-04-29T01:00:01.613

Link: CVE-2026-1813

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T14:15:04Z

Weaknesses