CVE-2024-24025

An arbitrary File upload vulnerability exists in Novel-Plus v4.3.0-RC1 and prior at com.java2nb.common.controller.FileController: upload. An attacker can pass in specially crafted filename parameter to perform arbitrary File download...

CVE-2024-24024

An arbitrary File download vulnerability exists in Novel-Plus v4.3.0-RC1 and prior at com.java2nb.common.controller.FileController: fileDownload. An attacker can pass in specially crafted filePath and fieName parameters to perform arbitrary File download...

Privilege escalation

An arbitrary File upload vulnerability exists in Novel-Plus v4.3.0-RC1 and prior at com.java2nb.common.controller.FileController: upload. An attacker can pass in specially crafted filename parameter to perform arbitrary File download...

Arbitrary file deletion

An arbitrary File download vulnerability exists in Novel-Plus v4.3.0-RC1 and prior at com.java2nb.common.controller.FileController: fileDownload. An attacker can pass in specially crafted filePath and fieName parameters to perform arbitrary File download...

CVE-2024-24025

An arbitrary File upload vulnerability exists in Novel-Plus v4.3.0-RC1 and prior at com.java2nb.common.controller.FileController: upload. An attacker can pass in specially crafted filename parameter to perform arbitrary File download...

Novel-Plus 代码问题漏洞

Novel-Plus is a multi-end PC, WAP reading, fully functional novel CMS system. Novel-Plus com.java2nb.common.controller.FileController: upload processing fieName parameter there is an arbitrary file upload vulnerability, a remote attacker can use the vulnerability to submit a special request, you...

CVE-2024-24024

An arbitrary File download vulnerability exists in Novel-Plus v4.3.0-RC1 and prior at com.java2nb.common.controller.FileController: fileDownload. An attacker can pass in specially crafted filePath and fieName parameters to perform arbitrary File download...

CVE-2024-24024

An arbitrary File download vulnerability exists in Novel-Plus v4.3.0-RC1 and prior at com.java2nb.common.controller.FileController: fileDownload. An attacker can pass in specially crafted filePath and fieName parameters to perform arbitrary File download...

PT-2024-20241 · Unknown · Novel-Plus

Name of the Vulnerable Software and Affected Versions: Novel-Plus versions 4.3.0-RC1 and prior Description: An arbitrary file download issue exists, allowing an attacker to download files by passing specially crafted filePath and fileName parameters to the fileDownload function in the...

CVE-2022-42147

kkFileView 4.0 is vulnerable to Cross Site Scripting XSS via controller\ Filecontroller.java...

CVE-2021-42967

Unrestricted file upload in /novel-admin/src/main/java/com/java2nb/common/controller/FileController.java in novel-plus all versions allows allows an attacker to upload malicious JSP files...

Unrestricted file upload

Unrestricted file upload in /novel-admin/src/main/java/com/java2nb/common/controller/FileController.java in novel-plus all versions allows allows an attacker to upload malicious JSP files...

CVE-2021-30048

Directory Traversal in the fileDownload function in com/java2nb/common/controller/FileController.java in Novel-plus 小说精品屋-plus 3.5.1 allows attackers to read arbitrary files via the filePath parameter...

CVE-2021-30048

Novel-plus (小说精品屋-plus) 3.5.1 contains a Directory Traversal in the fileDownload function of FileController.java that allows reading arbitrary files via the filePath parameter. This is documented across multiple sources (NVD, Red Hat, OSV, CVE lists, and PT Security) with no publicly disclosed fi...

CVE-2021-30048

Directory Traversal in the fileDownload function in com/java2nb/common/controller/FileController.java in Novel-plus 小说精品屋-plus 3.5.1 allows attackers to read arbitrary files via the filePath parameter...