CNNVD-202506-2782 Information

CNNVD ID

CNNVD-202506-2782

Related CVE

CVE-2025-45890

• CNNVD Published: 2025-06-20

Description (Chinese)

novel-plus是xxy个人开发者的一个小说阅读软件。 novel-plus 5.1.0之前版本存在安全漏洞，该漏洞源于filePath参数未验证，可能导致目录遍历攻击。

Description (English)

Novel-plus is a novel reading software for xxy personal developers. There was a security loophole in the pre-Novel-plus 5.1.0 version, which stemmed from the unverified filePath parameters, which could lead to a catalogue attack.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

Live Support

Published

2025-06-20

Last Modified

2026-02-24

References

https://github.com/SecureCore1/CVE/blob/main/novel-plus/readme.md https://access.redhat.com/security/cve/cve-2025-45890

Patch

https://github.com/201206030/novel-plus/releases