CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

12 matches found

RedhatCVE•added 2025/05/23 3:0 a.m.•2 views

CVE-2023-1594

A vulnerability, which was classified as critical, was found in novel-plus 3.6.2. Affected is the function MenuService of the file sys/menu/list. The manipulation of the argument sort leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the publi...

9.8CVSS7.7AI score0.00451EPSS

Exploits1References1

RedhatCVE•added 2025/05/22 11:16 p.m.•2 views

CVE-2022-38285

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/menu/list...

7.2CVSS7.1AI score0.00274EPSS

Exploits1References1

ATTACKERKB•added 2023/09/18 10:15 p.m.•1 views

CVE-2023-41443

SQL injection vulnerability in Novel-Plus v.4.1.0 allows a remote attacker to execute arbitrary code via a crafted script to the sort parameter in /sys/menu/list...

7.2CVSS7.5AI score0.00969EPSS

Exploits1References2

Positive Technologies•added 2023/09/18 12:0 a.m.•0 views

PT-2023-27946 · Unknown · Novel-Plus

Name of the Vulnerable Software and Affected Versions: Novel-Plus version 4.1.0 Description: The issue allows a remote attacker to execute arbitrary code via a crafted script to the sort parameter in the "/sys/menu/list" API endpoint. This enables the attacker to inject malicious SQL code,...

7.2CVSS7.3AI score0.00969EPSS

Exploits1References7

CNNVD•added 2023/09/18 12:0 a.m.•1 views

Novel-Plus SQL Injection Vulnerability

Novel-Plus is an online social reading and writing platform from Novel-Plus, Inc. A security vulnerability exists in Novel-Plus version v.4.1.0 that originates from a vulnerability that allows remote attackers to use a crafted script to execute arbitrary code via the sort parameter in...

7.2CVSS7.8AI score0.00969EPSS

Exploits1References3

CNNVD•added 2023/03/23 12:0 a.m.•1 views

novel-plus SQL注入漏洞

novel-plus novel-plus is a multi-end PC, WAP reading, full-featured original literature CMS system. A SQL injection vulnerability exists in novel-plus version 3.6.2, which originates from a security issue in the function MenuService in file sys/menu/list, which leads to an SQL injection via the...

9.8CVSS7.7AI score0.00451EPSS

Exploits1References4

NVD•added 2022/09/09 2:15 p.m.•8 views

CVE-2022-38285

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/menu/list...

7.2CVSS0.00274EPSS

Exploits1References1

OSV•added 2022/09/09 2:15 p.m.•10 views

CVE-2022-38285

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/menu/list...

7.2CVSS8AI score

Exploits0References1

ATTACKERKB•added 2022/09/09 2:15 p.m.•1 views

CVE-2022-38285

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/menu/list...

7.2CVSS5.9AI score0.00274EPSS

Exploits1References2

Prion•added 2022/09/09 2:15 p.m.•17 views

Sql injection

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/menu/list...

5.8CVSS7.4AI score0.00274EPSS

Exploits1References1Affected Software1

Cvelist•added 2022/09/09 1:40 p.m.•10 views

CVE-2022-38285

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/menu/list...

7.6AI score0.00274EPSS

Exploits1References1

CNNVD•added 2022/09/09 12:0 a.m.•2 views

JFinal SQL注入漏洞

JFinal is a Java-based WEB + ORM open source framework. JFinal CMS version 5.1.0 has a security vulnerability , the vulnerability stems from /system/menu/list SQL injection vulnerability...

7.2CVSS7.3AI score0.00274EPSS

Exploits1References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by