An arbitrary file upload vulnerability in the gok4 method of inxedu v2024.4 allows malicious users to execute arbitrary code via uploading a crafted .jsp file.