A vulnerability, which was classified as problematic, has been found in nove-plus up to 4.3.0-RC1. Affected by this issue is the function
uploadImg
of the component com.java2nb.system.controller.SysUserController:. The manipulation of the argument filename leads to unrestricted upload.
This vulnerability is handled as CVE-2024-24026. Access to the local network is required for this attack to succeed. There is no exploit available.