{"id":7206,"date":"2025-06-24T01:28:29","date_gmt":"2025-06-24T01:28:29","guid":{"rendered":"http:\/\/localhost\/?p=7206"},"modified":"2025-06-24T01:28:29","modified_gmt":"2025-06-24T01:28:29","slug":"xxyopen201206030-novel-plus-file-filecontrollerjava-remove-resource-injection","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=7206","title":{"rendered":"xxyopen\/201206030 novel-plus File FileController.java remove resource injection"},"content":{"rendered":"
\n

CVE Details<\/h2>\n
\n
\n

Basic Information<\/h3>\n\n\n\n\n\n
Title<\/th>\nxxyopen\/201206030 novel-plus File FileController.java remove resource injection<\/td>\n<\/tr>\n
Type<\/th>\ncve<\/td>\n<\/tr>\n
Published<\/th>\n2025-06-24T00:31:05.097Z<\/td>\n<\/tr>\n
Last Seen<\/th>\n<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Product Information<\/h3>\n\n\n\n\n
Vendor<\/th>\nxxyopen<\/td>\n<\/tr>\n
Product<\/th>\nnovel-plus<\/td>\n<\/tr>\n
Version<\/th>\n5.1.0<\/td>\n<\/tr>\n<\/table>\n<\/div>\n<\/div>\n
\n

CVSS Information<\/h3>\n\n\n\n\n\n\n
Base Score<\/th>\n2.3 (LOW)<\/td>\n<\/tr>\n
Attack Vector<\/th>\nCVSS:4.0\/AV:N\/AC:H\/AT:N\/PR:L\/UI:N\/VC:N\/VI:L\/VA:L\/SC:N\/SI:N\/SA:N\/E:P<\/td>\n<\/tr>\n
Confidentiality Impact<\/th>\n<\/td>\n<\/tr>\n
Integrity Impact<\/th>\n<\/td>\n<\/tr>\n
Availability Impact<\/th>\n<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

AI Analysis<\/h3>\n\n\n\n\n\n\n
AI Description<\/th>\nA vulnerability in the novel-plus product allows improper control of resource identifiers, potentially enabling remote attacks. However, the complexity of exploiting this vulnerability is high, making it difficult for attackers to leverage. The issue affects versions 5.1.0 to 5.1.3 of the product.<\/td>\n<\/tr>\n
AI Severity<\/th>\nLow<\/td>\n<\/tr>\n
Vendor<\/th>\nxxyopen<\/td>\n<\/tr>\n
Product<\/th>\nnovel-plus<\/td>\n<\/tr>\n
Affected Version<\/th>\n5.1.0, 5.1.1, 5.1.2, 5.1.3<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Affected Products<\/h4>\n