Arbitrary File Upload Vulnerability
CVE-2024-24026

9.8CRITICAL

Key Information:

Vendor: Novel-Plus
Status: Novel-plus
Vendor: CVE Published:; 8 February 2024

What is CVE-2024-24026?

An arbitrary file upload vulnerability is present in the Novel-Plus software, specifically in versions 4.3.0-RC1 and prior. This vulnerability is located within the SysUserController at the uploadImg() method, allowing attackers to exploit it by providing a crafted filename parameter. Successfully exploiting this flaw can enable unauthorized file downloads, resulting in potential exposure of sensitive data or system compromise. It is crucial for users and administrators of Novel-Plus to address this issue by updating to the latest software version and reviewing their security postures to mitigate any risks associated with this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://github.com/201206030/novel-plus

https://github.com/cxcxcxcxcxcxcxc/cxcxcxcxcxcxcxc/blob/m...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 8, 2024

JSON

Novel-Plus

What is CVE-2024-24026?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.