CVE-2024-24025

2024-02-0800:00:00

mitre

www.cve.org

file upload

novel-plus

filecontroller

arbitrary download

9.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.3%

JSON

An arbitrary File upload vulnerability exists in Novel-Plus v4.3.0-RC1 and prior at com.java2nb.common.controller.FileController: upload(). An attacker can pass in specially crafted filename parameter to perform arbitrary File download.

References

github.com/201206030/novel-plus

github.com/cxcxcxcxcxcxcxc/cxcxcxcxcxcxcxc/blob/main/cxcxcxcxcxc/about-2024/24025.txt