CVE-2024-24025 | novel-plus up to 4.3.0-RC1 com.java2nb.common.controller.FileController upload filename unrestricted upload

CVE-2024-24025 | novel-plus up to 4.3.0-RC1 com.java2nb.common.controller.FileController upload filename unrestricted upload

A vulnerability was found in novel-plus up to 4.3.0-RC1 and classified as problematic. Affected by this issue is the function upload of the component com.java2nb.common.controller.FileController. The manipulation of the argument filename leads to unrestricted upload. This vulnerability is handled as CVE-2024-24025. The attack needs to be initiated within the local network. There is no exploit available.