b3log Symphony (aka Sym) 2.6.0 allows remote attackers to upload and execute arbitrary JSP files via the name[] parameter to the /upload URI.
9.8CVSS
9.6AI Score
0.011EPSS
An issue in symphony v.3.6.3 and before allows a remote attacker to execute arbitrary code via the log4j component.
9.8CVSS
9.6AI Score
0.004EPSS