Arbitrary File Upload Vulnerability in Novel-Plus by Novel
CVE-2024-25274

Currently unrated

Key Information:

Vendor: Novel
Status: Novel-Plus
Vendor: CVE Published:; 20 February 2024

What is CVE-2024-25274?

An arbitrary file upload vulnerability exists in the /sysFile/upload component of Novel-Plus v4.3.0-RC1. This flaw enables attackers to upload malicious files, potentially leading to remote code execution on affected systems. Proper validation of uploaded file types and restrictions on file sizes are crucial to mitigate possible exploitation. Organizations using this version of Novel-Plus should take immediate action to review their security measures to safeguard against potential attacks.

References

https://reference1.example.com/login

https://gist.github.com/capable-Hub/725c294f1aeac729fa314...

Timeline

Vulnerability published
Feb 20, 2024
Vulnerability Reserved
Feb 7, 2024