SQL Injection Vulnerability Affects Novel-Plus Products
CVE-2024-24014

9.8CRITICAL

Key Information:

Vendor: Novel-Plus
Status: Novel-plus
Vendor: CVE Published:; 8 February 2024

Summary

A SQL injection vulnerability has been identified in Novel-Plus versions up to and including v4.3.0-RC1. Attackers can exploit this vulnerability by sending specially crafted offset, limit, and sort parameters to the endpoint /novel/author/list. This can enable unauthorized access to the database, allowing malicious actors to perform manipulations such as data extraction or alteration. It is crucial for users of affected versions to implement mitigation strategies or upgrade to secure versions to prevent exploitation.

References

https://github.com/201206030/novel-plus

https://github.com/cxcxcxcxcxcxcxc/cxcxcxcxcxcxcxc/blob/m...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 8, 2024
Vulnerability Reserved
Jan 25, 2024

Collectors

NVD DatabaseMitre Database