Description
b3log Symphony (aka Sym) 2.6.0 allows remote attackers to upload and execute arbitrary JSP files via the name[] parameter to the /upload URI.
Remediation
References
https://github.com/b3log/symphony/issues/620
Related Vulnerabilities
CVE-2023-3635 Vulnerability in maven package com.squareup.okio:okio
CVE-2015-1833 Vulnerability in maven package org.apache.jackrabbit:jackrabbit-webdav
CVE-2023-36542 Vulnerability in maven package org.apache.nifi:nifi-dbcp-service
CVE-2023-30094 Vulnerability in npm package total4
CVE-2022-36922 Vulnerability in maven package org.jenkins-ci.plugins:lucene-search