cvedb.io
CVE-2021-42967
CRITICAL · CVSS 9.8
EPSS exploitation probability: 0%
Published 2022-05-13T12:15:08.103 · Last modified 2026-06-17T04:10:18.003

Summary

Unrestricted file upload in /novel-admin/src/main/java/com/java2nb/common/controller/FileController.java in novel-plus all versions allows allows an attacker to upload malicious JSP files.

Affected products

xxyopen — novel-plus

Does this affect you?

Add your gear to cvedb and we'll alert you only when xxyopen ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.