Novell-Plus SQL Injection Vulnerability

CVE-2024-24017

What is CVE-2024-24017?

A SQL injection vulnerability impacts Novel-Plus versions 4.3.0-RC1 and earlier. This flaw enables attackers to craft specific offset, limit, and sort parameters leading to SQL injection attacks through the /common/dict/list endpoint. Successful exploitation may allow unauthorized data access or manipulation, posing significant security risks to users of affected versions.

References