
20 matches found

Prion
added 2024/02/20 4:15 p.m., 21 views

Privilege escalation

An arbitrary file upload vulnerability in the component /sysFile/upload of Novel-Plus v4.3.0-RC1 allows attackers to execute arbitrary code via uploading a crafted file...

8.1 AI score, 0.00783 EPSS
Exploits 0, References 2

Cvelist
added 2024/02/20 12:0 a.m., 17 views

CVE-2024-25274

An arbitrary file upload vulnerability in the component /sysFile/upload of Novel-Plus v4.3.0-RC1 allows attackers to execute arbitrary code via uploading a crafted file...

7.7 AI score, 0.00783 EPSS
Exploits 0, References 2

Vulnrichment
added 2024/02/20 12:0 a.m., 15 views

CVE-2024-25274

An arbitrary file upload vulnerability in the component /sysFile/upload of Novel-Plus v4.3.0-RC1 allows attackers to execute arbitrary code via uploading a crafted file...

7.8 AI score, 0.00783 EPSS
Exploits 0, References 2

OSV
added 2024/02/08 2:15 a.m., 17 views

CVE-2024-24014

A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass crafted offset, limit, and sort parameters to perform SQL injection via /novel/author/list...

9.8 CVSS, 8.1 AI score
Exploits 0, References 2

OSV
added 2024/02/08 2:15 a.m., 20 views

CVE-2024-24017

A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass crafted offset, limit, and sort parameters to perform SQL injection via /common/dict/list...

9.8 CVSS, 8.1 AI score
Exploits 0, References 2

OSV
added 2024/02/08 1:15 a.m., 14 views

CVE-2024-24023

A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior. An attacker can pass specially crafted offset, limit, and sort parameters to perform SQL injection via /novel/bookContent/list...

9.8 CVSS, 8.1 AI score
Exploits 0, References 2

OSV
added 2024/02/08 1:15 a.m., 154 views

CVE-2024-24025

An arbitrary File upload vulnerability exists in Novel-Plus v4.3.0-RC1 and prior at com.java2nb.common.controller.FileController: upload. An attacker can pass in specially crafted filename parameter to perform arbitrary File download...

9.8 CVSS, 7.2 AI score
Exploits 0, References 2

OSV
added 2024/02/08 1:15 a.m., 22 views

CVE-2024-24024

An arbitrary File download vulnerability exists in Novel-Plus v4.3.0-RC1 and prior at com.java2nb.common.controller.FileController: fileDownload. An attacker can pass in specially crafted filePath and fieName parameters to perform arbitrary File download...

9.8 CVSS, 7.1 AI score
Exploits 0, References 2

OSV
added 2024/02/08 1:15 a.m., 12 views

CVE-2024-24026

An arbitrary File upload vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions at com.java2nb.system.controller.SysUserController: uploadImg. An attacker can pass in specially crafted filename parameter to perform arbitrary File download...

9.8 CVSS, 7.2 AI score
Exploits 0, References 2

NVD
added 2024/02/08 1:15 a.m., 16 views

CVE-2024-24023

A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior. An attacker can pass specially crafted offset, limit, and sort parameters to perform SQL injection via /novel/bookContent/list...

9.8 CVSS, 9.7 AI score, 0.00622 EPSS
Exploits 0, References 2

NVD
added 2024/02/08 1:15 a.m., 23 views

CVE-2024-24026

An arbitrary File upload vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions at com.java2nb.system.controller.SysUserController: uploadImg. An attacker can pass in specially crafted filename parameter to perform arbitrary File download...

9.8 CVSS, 9.4 AI score, 0.00694 EPSS
Exploits 0, References 2

Prion
added 2024/02/08 1:15 a.m., 15 views

Sql injection

A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass in crafted offset, limit, and sort parameters to perform SQL injection via /system/dataPerm/list...

7.5 CVSS, 8.4 AI score, 0.00609 EPSS
Exploits 0, References 2, Affected Software 1

Prion
added 2024/02/08 1:15 a.m., 13 views

Privilege escalation

An arbitrary File upload vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions at com.java2nb.system.controller.SysUserController: uploadImg. An attacker can pass in specially crafted filename parameter to perform arbitrary File download...

7.5 CVSS, 7.4 AI score, 0.00694 EPSS
Exploits 0, References 2, Affected Software 1

Prion
added 2024/02/08 1:15 a.m., 20 views

Arbitrary file deletion

An arbitrary File download vulnerability exists in Novel-Plus v4.3.0-RC1 and prior at com.java2nb.common.controller.FileController: fileDownload. An attacker can pass in specially crafted filePath and fieName parameters to perform arbitrary File download...

7.5 CVSS, 7.4 AI score, 0.00654 EPSS
Exploits 0, References 2, Affected Software 1

Vulnrichment
added 2024/02/08 12:0 a.m., 14 views

CVE-2024-24023

A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior. An attacker can pass specially crafted offset, limit, and sort parameters to perform SQL injection via /novel/bookContent/list...

7.8 AI score, 0.00622 EPSS
Exploits 0, References 2

Cvelist
added 2024/02/08 12:0 a.m., 22 views

CVE-2024-24017

A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass crafted offset, limit, and sort parameters to perform SQL injection via /common/dict/list...

10 AI score, 0.00627 EPSS
Exploits 0, References 2

CVE
added 2024/02/08 12:0 a.m., 205 views

CVE-2024-24018

Summary of CVE-2024-24018 (Novel-Plus): A SQL injection vulnerability affects Novel-Plus versions 4.3.0-RC1 and earlier, exploitable via the API endpoint /system/dataPerm/list by passing crafted values for the offsets/limits/sort parameters. The CVSS 3.1 score is 9.8 (CRITICAL) with network acce...

9.8 CVSS, 9.7 AI score, 0.00609 EPSS
Exploits 0, References 2, Affected Software 1

CVE
added 2024/02/07 12:0 a.m., 56 views

CVE-2024-24019

Affected software: Novel-Plus prior to 4.3.0-RC1. Vulnerable endpoint: /system/roleDataPerm/list. Root cause: SQL injection via crafted offset, limit, and sort parameters. Impact: high across confidentiality, integrity, and availability (CVSS 3.1: 9.8). Exploitation status: not detailed in the pr...

9.8 CVSS, 9.7 AI score, 0.00586 EPSS
Exploits 0, References 2, Affected Software 1

NVD
added 2024/02/06 4:15 p.m., 18 views

CVE-2024-24013

A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass crafted offset, limit, and sort parameters to perform SQL injection via /novel/pay/list...

9.8 CVSS, 9.7 AI score, 0.00586 EPSS
Exploits 0, References 2

OSV
added 2024/02/06 4:15 p.m., 157 views

CVE-2024-24015

A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass in crafted offset, limit, and sort parameters to perform SQL via /sys/user/exit...

9.8 CVSS, 8.1 AI score
Exploits 0, References 2