CVE-2021-30048

Beschreibung:
Directory Traversal in the fileDownload function in com/java2nb/common/controller/FileController.java in Novel-plus (?????-plus) 3.5.1 allows attackers to read arbitrary files via the filePath parameter.

CWE: CWE-22

CVSS-Bewertung
CVSS 2: MEDIUM – 5 (Version: 2.0)
CVSS 3: MEDIUM – 5.3 (Version: 3.1)

Links:

NVD – CVE-2021-30048
CVE – CVE-2021-30048

Link (max. 20) Quelle Tags
https://github.com/201206030/novel-plus/issues/39 MISC Exploit Third Party Advisory
https://www.exploit-db.com/exploits/49724 MISC Exploit Third Party Advisory VDB Entry

Quelle: NVD – CVE-2021-30048
Datum Veröffentlichung: 2021-04-29T17:15Z, Datum letzte Änderung: 2021-05-10T22:07Z