Xxyphackss

**Name of the Vulnerable Software and Affected Versions** Novel-Plus versions 4.3.0-RC1 and prior **Description** An arbitrary File upload vulnerability exists in the `uploadImg()` function of `SysUserController` at `com.java2nb.system.controller.SysUserController`. This allows an attacker to pass in a specially crafted `filename` parameter to perform arbitrary File download. **Recommendations** For Novel-Plus versions 4.3.0-RC1 and prior, as a temporary workaround, consider disabling the `uploadImg()` function until a patch is available. Restrict access to the `SysUserController` to minimize the risk of exploitation. Avoid using the `filename` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.