exploitDog

GHSA-8hjc-cwh9-jfpx

Опубликовано: 24 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 5.3

Описание

Directory Traversal in the fileDownload function in com/java2nb/common/controller/FileController.java in Novel-plus (?????-plus) 3.5.1 allows attackers to read arbitrary files via the filePath parameter.

Directory Traversal in the fileDownload function in com/java2nb/common/controller/FileController.java in Novel-plus (?????-plus) 3.5.1 allows attackers to read arbitrary files via the filePath parameter.

Ссылки

EPSS

Процентиль: 77%

0.01082

Низкий

5.3 Medium

CVSS3

CVE ID

Дефекты

CWE-22

Связанные уязвимости

CVE-2021-30048

CVSS3: 5.3

nvd

почти 5 лет назад

Directory Traversal in the fileDownload function in com/java2nb/common/controller/FileController.java in Novel-plus (小说精品屋-plus) 3.5.1 allows attackers to read arbitrary files via the filePath parameter.

EPSS

Процентиль: 77%

0.01082

Низкий

5.3 Medium

CVSS3

CVE ID

Дефекты

CWE-22