Lucene search
HistoryFeb 07, 2024 - 1:15 a.m.
CVE-2024-24019
sql injection
novel-plus
v4.3.0-rc1
security vulnerability
nvd
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
33.2%
A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass in crafted offset, limit, and sort parameters to perform SQL injection via /system/roleDataPerm/list
Affected configurations
Node
xxyopennovel-plusRange≤4.2.0
ORxxyopennovel-plusMatch4.3.0rc1
| CPE | Name | Operator | Version |
|---|---|---|---|
| xxyopen:novel-plus | xxyopen novel-plus | le | 4.2.0 |
| xxyopen:novel-plus | xxyopen novel-plus | eq | 4.3.0 |
Related
cvelist
cvelist
CVE-2024-24019
2024-02-07 00:00:00
osv
osv
CVE-2024-24019
2024-02-07 01:15:08
prion
prion
Sql injection
2024-02-07 01:15:00
nvd
nvd
CVE-2024-24019
2024-02-07 01:15:08
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
33.2%
Related for CVE-2024-24019