CVE-2024-24024 | novel-plus up to 4.3.0-RC1 com.java2nb.common.controller.FileController fileDownload filePath/fieName information disclosure

Çağlar Arlı - 15 Views

CVE-2024-24024 | novel-plus up to 4.3.0-RC1 com.java2nb.common.controller.FileController fileDownload filePath/fieName information disclosure

A vulnerability, which was classified as problematic, was found in novel-plus up to 4.3.0-RC1. Affected is the function fileDownload of the component com.java2nb.common.controller.FileController. The manipulation of the argument filePath/fieName leads to information disclosure. This vulnerability is traded as CVE-2024-24024. The attack can only be initiated within the local network. There is no exploit available.

P	S	Ç	P	C	C	P
			1	2	3	4
5	6	7	8	9	10	11
12	13	14	15	16	17	18
19	20	21	22	23	24	25
26	27	28	29

Annanowa

CVE-2024-24024 | novel-plus up to 4.3.0-RC1 com.java2nb.common.controller.FileController fileDownload filePath/fieName information disclosure

CVE-2024-24024 | novel-plus up to 4.3.0-RC1 com.java2nb.common.controller.FileController fileDownload filePath/fieName information disclosure

Son Yazılar

Son Yorumlar