3 matches found
CVE-2021-30048
Directory Traversal in the fileDownload function in com/java2nb/common/controller/FileController.java in Novel-plus 小说精品屋-plus 3.5.1 allows attackers to read arbitrary files via the filePath parameter...
CVE-2021-30048
Directory Traversal in the fileDownload function in com/java2nb/common/controller/FileController.java in Novel-plus 小说精品屋-plus 3.5.1 allows attackers to read arbitrary files via the filePath parameter...
CVE-2021-30048
Novel-plus (小说精品屋-plus) 3.5.1 contains a Directory Traversal in the fileDownload function of FileController.java that allows reading arbitrary files via the filePath parameter. This is documented across multiple sources (NVD, Red Hat, OSV, CVE lists, and PT Security) with no publicly disclosed fi...