Xxyopen: >> Novel-Plus Security Vulnerabilities
Unrestricted file upload in /novel-admin/src/main/java/com/java2nb/common/controller/FileController.java in novel-plus all versions allows allows an attacker to upload malicious JSP files.
CVSS Score
9.8
EPSS Score
0.001
Published
2022-05-13
novel-plus 3.6.0 suffers from an Arbitrary file reading vulnerability.
CVSS Score
7.5
EPSS Score
0.003
Published
2022-05-05
novel-plus V3.6.1 allows unrestricted file uploads. Unrestricted file suffixes and contents can lead to server attacks and arbitrary code execution.
CVSS Score
9.8
EPSS Score
0.008
Published
2022-04-28
Novel-plus v3.6.0 was discovered to be vulnerable to Server-Side Request Forgery (SSRF) via user-supplied crafted input.
CVSS Score
9.8
EPSS Score
0.003
Published
2022-02-10
Page 4