34 matches found
Privilege escalation
An arbitrary file upload vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions at com.java2nb.system.controller.SysUserController: uploadImg. An attacker can pass in a specially crafted filename parameter to perform arbitrary file download...
CVE-2024-24026
An arbitrary file upload vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions at com.java2nb.system.controller.SysUserController: uploadImg. An attacker can pass in a specially crafted filename parameter to perform arbitrary file download...
Novel-Plus Code Issue Vulnerability
Novel-Plus is an online social reading and writing platform from Novel-Plus, Inc. A code issue vulnerability exists in Novel-Plus v4.3.0-RC1 and earlier versions, which stems from an arbitrary file upload vulnerability in the component com.java2nb.system.controller.SysUserController: uploadImg...
PT-2024-20243 · Unknown · Novel-Plus
Name of the Vulnerable Software and Affected Versions: Novel-Plus versions 4.3.0-RC1 and prior. Description: An arbitrary file upload vulnerability exists in the uploadImg function of SysUserController at com.java2nb.system.controller.SysUserController. This allows an attacker to pass in a special...
CVE-2023-24760
An issue found in Ofcms v.1.1.4 allows a remote attacker to escalate privileges via the respwd method in SysUserController...
Design/Logic Flaw
An issue found in Ofcms v.1.1.4 allows a remote attacker to escalate privileges via the respwd method in SysUserController...
PT-2023-19768 · Ofcms · Ofcms
Name of the Vulnerable Software and Affected Versions: Ofcms version 1.1.4. Description: An issue in Ofcms allows a remote attacker to escalate privileges via the respwd method in SysUserController. Recommendations: For Ofcms version 1.1.4, consider disabling the respwd method in SysUserController...
Ofcms Security Vulnerability
Zhongtian Network Technology OFCMS is a content management system (CMS) developed in Java by the Chinese company Zhongtian Network Technology. A security vulnerability exists in Ofcms version v.1.1.4, which stems from allowing remote attackers to elevate privileges via the respwd method in...
CVE-2023-24760
CVE-2023-24760 affects Ofcms v1.1.4, allowing a remote attacker to escalate privileges via the respwd method in SysUserController. The affected component is Ofcms (web CMS); the root cause is described as improper access control in respwd. The NVD entry reports CVSSv3.1 base score 8.8 (Network, Low complexi...
CVE-2022-27960
Insecure permissions configured in the userid parameter at SysUserController.java of OFCMS v1.1.4 allow attackers to access and arbitrarily modify users' personal information...
Design/Logic Flaw
Insecure permissions configured in the userid parameter at SysUserController.java of OFCMS v1.1.4 allow attackers to access and arbitrarily modify users' personal information...