CNNVD-202506-3023 Information
CNNVD ID
CNNVD-202506-3023
Related CVE
- CNNVD Published: 2025-06-24
Description (Chinese)
novel-plus是xxy个人开发者的一个小说阅读软件。 novel-plus 5.1.3及之前版本存在安全漏洞,该漏洞源于文件处理组件对资源标识符控制不当,可能导致远程攻击。
Description (English)
Novel-plus is a novel reading software for xxy personal developers. There is a security loophole in the novel-plus 5.1.3 and previous versions, which arises from the inappropriate control of resource identifiers by document processing components, which may lead to a remote attack.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Live Support
Published
2025-06-24
Last Modified
2026-02-24
References
https://blog.0xd00.com/blog/missing-authorization-leads-to-arbitrary-file-deletion https://vuldb.com/?submit.596505 https://vuldb.com/?ctiid.313653 https://vuldb.com/?id.313653 https://blog.0xd00.com/blog/missing-authorization-leads-to-arbitrary-file-deletion#poc https://access.redhat.com/security/cve/cve-2025-6534
Patch
https://github.com/201206030/novel-plus/releases
Share on: