4 matches found
PT-2024-20241 · Unknown · Novel-Plus
Name of the Vulnerable Software and Affected Versions: Novel-Plus versions 4.3.0-RC1 and prior
Description: An arbitrary file download issue exists, allowing an attacker to download files by passing specially crafted filePath and fileName parameters to the fileDownload function in the...
NovelPlus Path Traversal Vulnerability
NovelPlus is an open source mobile social application and idea publishing platform. NovelPlus suffers from a path traversal vulnerability that originates in the fileDownload function of com/java2nb/common/controller/FileController.java...
PT-2021-18585 · Unknown · Novel-Plus
Name of the Vulnerable Software and Affected Versions: Novel-plus 小说精品屋-plus version 3.5.1
Description: The issue allows attackers to read arbitrary files via the filePath parameter in the fileDownload function located in com/java2nb/common/controller/FileController.java. This enables access to...
CVE-2018-20437
FEBS-Shiro (prior to 2018-11-05) is affected by a vulnerability in the fileDownload function of the CommonController. An attacker can trigger arbitrary file download via /common/download?filename=1.jsp&delete=false. Root cause: insecure file handling in the CommonController. Impact is described a...