SQL injection vulnerability in Novel-Plus v.4.1.0 allows a remote attacker to execute arbitrary code via a crafted script to the sort parameter in /sys/menu/list.
References
Link | Resource |
---|---|
https://github.com/Deng-JunFeng/cve-lists/tree/main/novel-plus/vuln | Exploit |
Configurations
History
20 Sep 2023, 20:31
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-89 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.2 |
CPE | cpe:2.3:a:xxyopen:novel-plus:4.1.0:*:*:*:*:*:*:* | |
First Time |
Xxyopen
Xxyopen novel-plus |
|
References | (MISC) https://github.com/Deng-JunFeng/cve-lists/tree/main/novel-plus/vulnĀ - Exploit |
19 Sep 2023, 03:37
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-09-18 22:15
Updated : 2024-02-28 20:33
NVD link : CVE-2023-41443
Mitre link : CVE-2023-41443
CVE.ORG link : CVE-2023-41443
JSON object : View
Products Affected
xxyopen
- novel-plus
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')