CVE-2024-25274 | Novel-Plus 4.3.0-RC1 /sysFile/upload unrestricted upload

Posted by Angelo Barbosa | Feb 20, 2024 | CVE

A vulnerability, which was classified as problematic, has been found in Novel-Plus 4.3.0-RC1. This issue affects some unknown processing of the file /sysFile/upload. The manipulation leads to unrestricted upload.

The identification of this vulnerability is CVE-2024-25274. Access to the local network is required for this attack to succeed. There is no exploit available.

CVE-2024-25274 | Novel-Plus 4.3.0-RC1 /sysFile/upload unrestricted upload

Related Posts

CVE-2023-50208 | D-Link G416 ovpncfg stack-based overflow (ZDI-23-1824)

CVE-2023-35191 | Intel SPS resource consumption (intel-sa-00923)

CVE-2024-5892 | badhonrocks Divi Torque Lite Plugin up to 3.6.6 on WordPress support_unfiltered_files_upload cross site scripting

CVE-2024-36990 | Splunk Enterprise/Cloud Platform Datamodel Web REST Endpoint infinite loop (SVD-2024-0710)