Critical severity9.8NVD Advisory· Published Apr 27, 2018· Updated Jun 17, 2026
CVE-2018-10469
CVE-2018-10469
Description
b3log Symphony (aka Sym) 2.6.0 allows remote attackers to upload and execute arbitrary JSP files via the name[] parameter to the /upload URI.
Affected products
1- Range: = 2.6.0
Patches
Vulnerability mechanics
References
1- github.com/b3log/symphony/issues/620nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.