CVE-2025-4015 | 20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160 SessionController.java list missing authentication

A vulnerability was found in 20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160. It has been rated as critical. Affected by this issue is the function list of the file novel-system/src/main/java/com/java2nb/system/controller/SessionController.java. The manipulation leads to missing authentication.

This vulnerability is handled as CVE-2025-4015. The attack may be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-4015 | 20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160 SessionController.java list missing authentication

Post correlati

CVE-2024-3167 | Ocean Extra Plugin up to 2.2.6 on WordPress cross site scripting

CVE-2024-5567 | Betheme Theme up to 27.5.5 on WordPress SVG File cross site scripting

CVE-2024-11344 | Lexmark CX/XC/CS/MS/MX/XM Postscript Interpreter type confusion

CVE-2024-11827 | Out of the Block Plugin up to 2.8.3 on WordPress Shortcode ootb_query cross site scripting