CVE-2025-4016 | 20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160 LogController.java deleteIndex improper authorization

A vulnerability classified as critical has been found in 20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160. This affects the function deleteIndex of the file novel-admin/src/main/java/com/java2nb/common/controller/LogController.java. The manipulation leads to improper authorization.

This vulnerability is uniquely identified as CVE-2025-4016. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-4016 | 20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160 LogController.java deleteIndex improper authorization

Post correlati

CVE-2024-45893 | DrayTek Vigor 3900 1.5.1.3 cgi-bin/mainfunction.cgi setSWMOption action command injection

CVE-2023-49099 | Discourse up to 3.1.3/3.2.0.beta3 Secure Upload URL access control

CVE-2024-21601 | Juniper Junos OS flowd race condition (JSA75742)

CVE-2024-12849 | WP Guru Error Log Viewer Plugin up to 1.0.1.3 on WordPress authorization