Описание
An arbitrary File upload vulnerability exists in Novel-Plus v4.3.0-RC1 and prior at com.java2nb.common.controller.FileController: upload(). An attacker can pass in specially crafted filename parameter to perform arbitrary File download.
Ссылки
- Product
- Third Party Advisory
- Product
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 4.2.0 (включая)
Одно из
cpe:2.3:a:xxyopen:novel-plus:*:*:*:*:*:*:*:*
cpe:2.3:a:xxyopen:novel-plus:4.3.0:rc1:*:*:*:*:*:*
EPSS
Процентиль: 29%
0.00103
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-434
CWE-434
Связанные уязвимости
CVSS3: 9.8
github
почти 2 года назад
An arbitrary File upload vulnerability exists in Novel-Plus v4.3.0-RC1 and prior at com.java2nb.common.controller.FileController: upload(). An attacker can pass in specially crafted filename parameter to perform arbitrary File download.
EPSS
Процентиль: 29%
0.00103
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-434
CWE-434