CVE-2024-24026 | nove-plus up to 4.3.0-RC1 com.java2nb.system.controller.SysUserController: uploadImg filename unrestricted upload

Posted by Angelo Barbosa | Feb 8, 2024 | CVE

A vulnerability, which was classified as problematic, has been found in nove-plus up to 4.3.0-RC1. Affected by this issue is the function uploadImg of the component com.java2nb.system.controller.SysUserController:. The manipulation of the argument filename leads to unrestricted upload.

This vulnerability is handled as CVE-2024-24026. Access to the local network is required for this attack to succeed. There is no exploit available.

CVE-2024-24026 | nove-plus up to 4.3.0-RC1 com.java2nb.system.controller.SysUserController: uploadImg filename unrestricted upload

Related Posts

CVE-2024-7667 | SourceCodester Car Driving School Management System 1.0 User.php delete_users id sql injection

CVE-2024-3420 | SourceCodester Online Courseware 1.0 admin/saveedit.php id sql injection

CVE-2024-43168 | Unbound up to 1.19.3 config_file.c cfg_mark_ports heap-based overflow

CVE-2024-7898 | Tosei Online Store Management System ネット店舗管理システム Backend default credentials