Arbitrary File Read Vulnerability in Novel-Plus Software
CVE-2024-33383

Currently unrated

Key Information:

Vendor: Novel-Plus Technologies
Vendor: CVE Published:; 30 April 2024

What is CVE-2024-33383?

A vulnerability present in the Novel-Plus software versions 4.3.0 and older allows remote attackers to exploit arbitrary file read conditions. By manipulating the filePath parameter in a crafted GET request, an attacker can gain unauthorized access to sensitive files stored on the server. This vulnerability highlights the importance of properly validating user input and implementing strict access controls to safeguard against unauthorized data exposure.

References

https://juvl1ne.github.io/2024/04/18/novel-plus-vulnerabi...

Timeline

Vulnerability published
Apr 30, 2024

Novel-Plus Technologies

What is CVE-2024-33383?

References

Timeline