3 matches found
Sql injection
A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass in crafted offset, limit, and sort parameters to perform SQL injection via /system/dataPerm/list...
Novel-Plus SQL Injection Vulnerability
Novel-Plus is an online social reading and writing platform from Novel-Plus, Inc. A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and earlier versions, which stems from a SQL injection vulnerability in the path /system/dataPerm/list...
PT-2024-20236 · Unknown · Novel-Plus
Name of the Vulnerable Software and Affected Versions: Novel-Plus versions 4.3.0-RC1 and prior Description: A SQL injection issue exists, allowing an attacker to perform SQL injection via the /system/dataPerm/list API endpoint by passing crafted offset, limit, and sort parameters. Recommendations...