2 matches found
PT-2024-20233 · Unknown · Novel-Plus
Name of the Vulnerable Software and Affected Versions: Novel-Plus versions 4.3.0-RC1 and prior Description: A SQL injection issue exists, allowing an attacker to perform SQL injection by passing crafted offset, limit, and sort parameters via the "/novel/author/list" API endpoint. Recommendations:...
PT-2023-17435 · Unknown · Novel-Plus
Name of the Vulnerable Software and Affected Versions: novel-plus version 3.6.2 Description: A critical issue affects the processing of the file "/author/list?limit=10&offset=0&order=desc". The manipulation of the sort argument leads to SQL injection. This issue can be exploited remotely...