Show filters
33 Total Results
Displaying 1-10 of 33
Sort by:
Attacker Value
Unknown
CVE-2025-1154
Disclosure Date: February 10, 2025 (last updated February 11, 2025)
A vulnerability, which was classified as critical, has been found in xxyopen Novel up to 3.4.1. Affected by this issue is some unknown functionality of the file /api/front/search/books. The manipulation of the argument sort leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
0
Attacker Value
Unknown
CVE-2024-24021
Disclosure Date: February 08, 2024 (last updated February 10, 2024)
A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior. An attacker can pass specially crafted offset, limit, and sort parameters to perform SQL injection via /novel/userFeedback/list.
0
Attacker Value
Unknown
CVE-2024-24017
Disclosure Date: February 08, 2024 (last updated February 10, 2024)
A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass crafted offset, limit, and sort parameters to perform SQL injection via /common/dict/list
0
Attacker Value
Unknown
CVE-2024-24014
Disclosure Date: February 08, 2024 (last updated February 10, 2024)
A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass crafted offset, limit, and sort parameters to perform SQL injection via /novel/author/list
0
Attacker Value
Unknown
CVE-2024-24026
Disclosure Date: February 08, 2024 (last updated February 10, 2024)
An arbitrary File upload vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions at com.java2nb.system.controller.SysUserController: uploadImg(). An attacker can pass in specially crafted filename parameter to perform arbitrary File download.
0
Attacker Value
Unknown
CVE-2024-24025
Disclosure Date: February 08, 2024 (last updated February 10, 2024)
An arbitrary File upload vulnerability exists in Novel-Plus v4.3.0-RC1 and prior at com.java2nb.common.controller.FileController: upload(). An attacker can pass in specially crafted filename parameter to perform arbitrary File download.
0
Attacker Value
Unknown
CVE-2024-24024
Disclosure Date: February 08, 2024 (last updated February 10, 2024)
An arbitrary File download vulnerability exists in Novel-Plus v4.3.0-RC1 and prior at com.java2nb.common.controller.FileController: fileDownload(). An attacker can pass in specially crafted filePath and fieName parameters to perform arbitrary File download.
0
Attacker Value
Unknown
CVE-2024-24023
Disclosure Date: February 08, 2024 (last updated February 10, 2024)
A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior. An attacker can pass specially crafted offset, limit, and sort parameters to perform SQL injection via /novel/bookContent/list.
0
Attacker Value
Unknown
CVE-2024-24018
Disclosure Date: February 08, 2024 (last updated February 10, 2024)
A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass in crafted offset, limit, and sort parameters to perform SQL injection via /system/dataPerm/list
0
Attacker Value
Unknown
CVE-2024-24019
Disclosure Date: February 07, 2024 (last updated February 10, 2024)
A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass in crafted offset, limit, and sort parameters to perform SQL injection via /system/roleDataPerm/list
0
