Lucene search
MitreVULNRICHMENT:CVE-2024-24024HistoryFeb 08, 2024 - 12:00 a.m.
CVE-2024-24024
2024-02-0800:00:00
mitre
github.com
3
arbitrary file download
novel-plus
filecontroller
An arbitrary File download vulnerability exists in Novel-Plus v4.3.0-RC1 and prior at com.java2nb.common.controller.FileController: fileDownload(). An attacker can pass in specially crafted filePath and fieName parameters to perform arbitrary File download.
ADP Affected
[
{
"cpes": [
"cpe:2.3:a:xxyopen:novel-plus:4.3.0:rc1:*:*:*:*:*:*"
],
"vendor": "xxyopen",
"product": "novel-plus",
"versions": [
{
"status": "affected",
"version": "4.3.0"
}
],
"defaultStatus": "unknown"
},
{
"cpes": [
"cpe:2.3:a:xxyopen:novel-plus:*:*:*:*:*:*:*:*"
],
"vendor": "xxyopen",
"product": "novel-plus",
"versions": [
{
"status": "affected",
"version": "0",
"versionType": "custom",
"lessThanOrEqual": "4.2.0"
}
],
"defaultStatus": "unknown"
}
]Related
prion
prion
Arbitrary file deletion
2024-02-08 01:15:00
nvd
nvd
CVE-2024-24024
2024-02-08 01:15:27
cvelist
cvelist
CVE-2024-24024
2024-02-08 00:00:00
osv
osv
CVE-2024-24024
2024-02-08 01:15:27
cve
cve
CVE-2024-24024
2024-02-08 01:15:27
AI Score
6.9
Confidence
High
SSVC
Exploitation
none
Automatable
yes
Technical Impact
total
Related for VULNRICHMENT:CVE-2024-24024