An arbitrary File upload vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions at com.java2nb.system.controller.SysUserController: uploadImg(). An attacker can pass in specially crafted filename parameter to perform arbitrary File download.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-02-08T00:00:00

Updated: 2024-08-01T23:19:51.274Z

Reserved: 2024-01-25T00:00:00

Link: CVE-2024-24026

cve-icon Vulnrichment

Updated: 2024-08-01T23:19:51.274Z

cve-icon NVD

Status : Modified

Published: 2024-02-08T01:15:27.203

Modified: 2024-11-21T08:58:50.997

Link: CVE-2024-24026

cve-icon Redhat

No data.