CVE-2021-42967

Name of the Vulnerable Software and Affected Versions novel-plus versions all

Description The issue concerns an unrestricted file upload in the /novel-admin/src/main/java/com/java2nb/common/controller/FileController.java file. This allows an attacker to upload malicious JSP files.

Recommendations For novel-plus versions all, consider restricting access to the FileController.java file or disabling the file upload functionality until a proper fix is implemented. As a temporary workaround, restrict the types of files that can be uploaded to prevent malicious JSP files from being uploaded.