4 matches found
PT-2024-20241 · Unknown · Novel-Plus
Name of the Vulnerable Software and Affected Versions: Novel-Plus versions 4.3.0-RC1 and prior Description: An arbitrary file download issue exists, allowing an attacker to download files by passing specially crafted filePath and fileName parameters to the fileDownload function in the...
PT-2021-18585 · Unknown · Novel-Plus
Name of the Vulnerable Software and Affected Versions: Novel-plus 小说精品屋-plus version 3.5.1 Description: The issue allows attackers to read arbitrary files via the filePath parameter in the fileDownload function located in com/java2nb/common/controller/FileController.java. This enables access to...
NovelPlus Path Traversal Vulnerability
NovelPlus is an open source mobile social application and idea publishing platform. It suffers from a path traversal vulnerability that originates in the fileDownload function of com/java2nb/common/controller/FileController.java...
CVE-2018-20437
FEBS-Shiro (prior to 2018-11-05) is affected by a vulnerability in the fileDownload function of the CommonController. An attacker can trigger arbitrary file download via /common/download?filename=1.jsp&delete=false. Root cause: insecure file handling in the CommonController. Impact is described a...