Novel-Plus SQL Injection Vulnerability

Novel-Plus is an online social reading and writing platform from Novel-Plus, Inc. An SQL injection vulnerability exists in Novel-Plus version 4.3.0-RC1, which stems from the parameter sort in the file /novel/bookSetting/list that can lead to SQL injection...

PT-2024-15722 · Unknown · Novel-Plus

Name of the Vulnerable Software and Affected Versions: Novel-Plus version 4.3.0-RC1 Description: A critical issue has been found in Novel-Plus, affecting an unknown functionality of the file /novel/bookSetting/list. The manipulation of the sort argument leads to SQL injection. Recommendations: Fo...