CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2024-25274

An arbitrary file upload vulnerability in the component /sysFile/upload of Novel-Plus v4.3.0-RC1 allows attackers to execute arbitrary code via uploading a crafted file.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 40.1%

CVSS Severity

CVSS v3 Score 9.8

References

https://gist.github.com/capable-Hub/725c294f1aeac729fa314a32fef55d5a
https://reference1.example.com/login
https://gist.github.com/capable-Hub/725c294f1aeac729fa314a32fef55d5a
https://reference1.example.com/login

Products affected by CVE-2024-25274

Xxyopen » Novel-Plus » Version: 4.3.0

cpe:2.3:a:xxyopen:novel-plus:4.3.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-25274

Products

Pricing

Contact Us