Arbitrary File Read Vulnerability in Novel-Plus Software

CVE-2024-33383

Summary

A vulnerability present in the Novel-Plus software versions 4.3.0 and older allows remote attackers to exploit arbitrary file read conditions. By manipulating the filePath parameter in a crafted GET request, an attacker can gain unauthorized access to sensitive files stored on the server. This vulnerability highlights the importance of properly validating user input and implementing strict access controls to safeguard against unauthorized data exposure.

References