VYPR

Novel Plus

by Xxyopen

Source repositories

CVEs (44)

  • CVE-2021-42967May 13, 2022
    risk 0.00cvss epss 0.01

    Unrestricted file upload in /novel-admin/src/main/java/com/java2nb/common/controller/FileController.java in novel-plus all versions allows allows an attacker to upload malicious JSP files.

  • CVE-2022-28462May 5, 2022
    risk 0.00cvss epss 0.01

    novel-plus 3.6.0 suffers from an Arbitrary file reading vulnerability.

  • CVE-2022-24568Feb 10, 2022
    risk 0.00cvss epss 0.01

    Novel-plus v3.6.0 was discovered to be vulnerable to Server-Side Request Forgery (SSRF) via user-supplied crafted input.

  • CVE-2021-30048Apr 29, 2021
    risk 0.00cvss epss 0.02

    Directory Traversal in the fileDownload function in com/java2nb/common/controller/FileController.java in Novel-plus (小说精品屋-plus) 3.5.1 allows attackers to read arbitrary files via the filePath parameter.

Page 3 of 3