3 matches found
CVE-2024-24025
An arbitrary File upload vulnerability exists in Novel-Plus v4.3.0-RC1 and prior at com.java2nb.common.controller.FileController: upload. An attacker can pass in specially crafted filename parameter to perform arbitrary File download...
CVE-2024-24025
An arbitrary File upload vulnerability exists in Novel-Plus v4.3.0-RC1 and prior at com.java2nb.common.controller.FileController: upload. An attacker can pass in specially crafted filename parameter to perform arbitrary File download...
CVE-2024-24025
CVE-2024-24025 affects Novel-Plus versions 4.3.0-RC1 and earlier, where the vulnerability lives in the FileController.upload() function. An attacker can craft the filename parameter to trigger arbitrary file downloads, exposing sensitive data. The connected PT-2024-20242 entry corroborates an arb...