First published: Thu Feb 08 2024(Updated: )
An arbitrary File download vulnerability exists in Novel-Plus v4.3.0-RC1 and prior at com.java2nb.common.controller.FileController: fileDownload(). An attacker can pass in specially crafted filePath and fieName parameters to perform arbitrary File download.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Xxyopen Novel-plus | <=4.2.0 | |
Xxyopen Novel-plus | =4.3.0-rc1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.