novel-plus list sql injection
CVE-2023-1595

7.2HIGH

Key Information:

Vendor: Xxyopen
Status: novel-plus
Vendor: CVE Published:; 23 March 2023

What is CVE-2023-1595?

A vulnerability exists in Novel Plus version 3.6.2, where an improper handling of inputs in the common/log/list file enables SQL injection through manipulation of the 'sort' argument. This flaw allows for remote attackers to execute arbitrary SQL queries, potentially compromising sensitive data. Given that the exploit has been publicly disclosed, immediate defensive measures are recommended to prevent unauthorized access.

Affected Version(s)

novel-plus 3.6.2

References

https://vuldb.com/?id.223663

vdb-entrytechnical-description

https://vuldb.com/?ctiid.223663

signaturepermissions-required

https://github.com/1610349395/novel-plus-v3.6.2----Backgr...

broken-linkexploit

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 23, 2023
Vulnerability Reserved
Mar 23, 2023

Credit

Christ1na (VulDB User)

Xxyopen

What is CVE-2023-1595?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit