Description
b3log Symphony (aka Sym) 2.6.0 allows remote attackers to upload and execute arbitrary JSP files via the name[] parameter to the /upload URI.
Remediation
References
https://github.com/b3log/symphony/issues/620
Related Vulnerabilities
CVE-2019-10742 Vulnerability in maven package org.webjars.bowergithub.axios:axios
CVE-2023-25766 Vulnerability in maven package org.jenkins-ci.plugins:azure-credentials
CVE-2022-25869 Vulnerability in maven package org.webjars.npm:angular
CVE-2023-3414 Vulnerability in maven package io.jenkins.plugins:servicenow-devops