novel-plus list SQL injection
CVE-2023-1607

8.8 HIGH

Key Information:

Vendor: Xxyopen
CVE Published: 23 March 2023

What is CVE-2023-1607?

novel-plus version 3.6.2 is vulnerable to SQL injection through manipulation of the sort argument. The flaw is in the handling of /common/sysFile/list and can be exploited remotely, exposing the application to potential data breaches and unauthorized access. The exploit has been publicly disclosed, raising concerns about the security of systems running this version of the software.

Affected Version(s)

novel-plus 3.6.2

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Christ1na (VulDB User)