CVE-2024-24026
CVE-2024-24026 describes an arbitrary file upload vulnerability in Novel-Plus prior to and including v4.3.0-RC1. The issue exists in the function uploadImg() of SysUserController (com.java2nb.system.controller.SysUserController). An attacker can pass a specially crafted filename parameter to trig...