Bolo Solo

5 CVEs product


CVE-2026-1813 MEDIUM POC This Month

Unrestricted file upload in Bolo Solo up to version 2.6.4 allows authenticated remote attackers to upload arbitrary files via the FreeMarker Template Handler component. Public exploit code exists for this vulnerability, and the vendor has not yet released a patch despite early notification. An attacker with valid credentials can achieve limited confidentiality, integrity, and availability impacts.

Tags: Java, Bolo Solo
References: NVD, GitHub, VulDB
CVSS 3.1: 6.3
EPSS: 0.0%

CVE-2026-1812 MEDIUM POC This Month

Path traversal in Bolo Solo up to version 2.6.4 allows authenticated attackers to manipulate file path arguments in the backup import function, potentially accessing or modifying arbitrary files on the affected system. Public exploit code exists for this vulnerability, and the maintainers have not yet released a patch despite early notification. The attack requires valid credentials but can be executed remotely over the network.

Tags: Java, Path Traversal, Bolo Solo
References: NVD, GitHub, VulDB
CVSS 3.1: 6.3
EPSS: 0.1%

CVE-2026-1811 MEDIUM POC This Month

Path traversal in Bolo Solo's importFromMarkdown function allows authenticated attackers to manipulate file paths and access arbitrary files on affected systems. The vulnerability affects Bolo Solo versions up to 2.6.4 and requires valid credentials but no user interaction to exploit. Public exploit code exists for this vulnerability, and no patch is currently available.

Tags: Java, Path Traversal, Bolo Solo
References: NVD, GitHub, VulDB
CVSS 3.1: 6.3
EPSS: 0.0%

CVE-2026-1810 MEDIUM POC This Month

Path traversal in Bolo Solo up to version 2.6.4 allows authenticated attackers to manipulate ZIP file extraction operations in the BackupService component, potentially reading or writing arbitrary files on the affected system. Public exploit code is available for this vulnerability, and the vendor has not yet provided a patch despite early notification.

Tags: Java, Path Traversal, Bolo Solo
References: NVD, GitHub, VulDB
CVSS 3.1: 6.3
EPSS: 0.1%

CVE-2026-1691 MEDIUM POC This Month

Unsafe deserialization in Bolo Solo up to version 2.6.4 through the SnakeYAML component allows authenticated attackers to execute arbitrary code remotely via the importMarkdownsSync function. Public exploit code exists for this vulnerability and no patch is currently available. Authenticated users with access to the backup functionality can trigger this flaw to compromise affected systems.

Tags: Java, Deserialization, Bolo Solo
References: NVD, GitHub, VulDB
CVSS 3.1: 6.3
EPSS: 0.0%
