Description
b3log Symphony (aka Sym) 2.6.0 allows remote attackers to upload and execute arbitrary JSP files via the name[] parameter to the /upload URI.
Remediation
References
https://github.com/b3log/symphony/issues/620
Related Vulnerabilities
CVE-2023-50102 Vulnerability in maven package com.jfinal:jfinal
CVE-2023-37462 Vulnerability in maven package org.xwiki.platform:xwiki-platform-skin-ui
CVE-2021-25912 Vulnerability in npm package dotty
CVE-2022-21208 Vulnerability in npm package node-opcua
CVE-2021-32860 Vulnerability in maven package org.webjars.npm:izimodal