Browse all 4 CVE security advisories affecting bolo-blog. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Bolo-blog is a lightweight content management system designed for simple blogging and website creation, primarily used by small businesses and individual developers. Historically, it has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, as evidenced by its four recorded CVEs. The platform's minimalistic approach often results in insufficient input validation and inadequate access controls, making it a target for attackers seeking to compromise web servers. While no major public security incidents have been widely documented, its consistent vulnerability pattern suggests a need for enhanced security practices in development and deployment.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-1813 | bolo-blog bolo-solo FreeMarker Template PicUploadProcessor.java unrestricted upload — bolo-soloCWE-434 | 6.3 | Medium | 2026-02-03 |
| CVE-2026-1812 | bolo-blog bolo-solo Filename BackupService.java importFromCnblogs path traversal — bolo-soloCWE-22 | 6.3 | Medium | 2026-02-03 |
| CVE-2026-1811 | bolo-blog bolo-solo Filename BackupService.java importFromMarkdown path traversal — bolo-soloCWE-22 | 6.3 | Medium | 2026-02-03 |
| CVE-2026-1810 | bolo-blog bolo-solo ZIP File BackupService.java unpackFilteredZip path traversal — bolo-soloCWE-22 | 6.3 | Medium | 2026-02-03 |
This page lists every published CVE security advisory associated with bolo-blog. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.