CVE-2021-30048

Опубликовано: 29 апр. 2021

Источник: nvd

CVSS3: 5.3

CVSS2: 5

EPSS Низкий

Описание

Directory Traversal in the fileDownload function in com/java2nb/common/controller/FileController.java in Novel-plus (小说精品屋-plus) 3.5.1 allows attackers to read arbitrary files via the filePath parameter.

Ссылки

https://github.com/201206030/novel-plus/issues/39
Exploit
Third Party Advisory
https://www.exploit-db.com/exploits/49724
Exploit
Third Party Advisory
VDB Entry
https://github.com/201206030/novel-plus/issues/39
Exploit
Third Party Advisory
https://www.exploit-db.com/exploits/49724
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:novel_boutique_house-plus_project:novel_boutique_house-plus:3.5.1:*:*:*:*:*:*:*

EPSS

Процентиль: 77%

0.01082

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-22

Связанные уязвимости

GHSA-8hjc-cwh9-jfpx