2 matches found
CVE-2024-24024
Novel-Plus v4.3.0-RC1 and earlier versions are affected by an arbitrary file download vulnerability in com.java2nb.common.controller.FileController:fileDownload(). An attacker can supply specially crafted filePath and fileName parameters to cause unauthorized access to arbitrary files. The issue ...
CVE-2024-24024
An arbitrary File download vulnerability exists in Novel-Plus v4.3.0-RC1 and prior at com.java2nb.common.controller.FileController: fileDownload. An attacker can pass in specially crafted filePath and fieName parameters to perform arbitrary File download...