CVE-2024-25274
CVE-2024-25274 affects Novel-Plus v4.3.0-RC1, with an arbitrary file upload vulnerability in the /sysFile/upload component that allows an attacker to execute arbitrary code. Public documentation consistently cites a crafted file upload as the exploit vector, underscoring impact on confidentiality...