2 matches found
CVE-2023-2040 novel-plus sql injection
A vulnerability classified as critical has been found in novel-plus 3.6.2. Affected is an unknown function of the file /news/list?limit=10&offset=0&order=desc. The manipulation of the argument sort leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclose...
CVE-2023-2040
CVE-2023-2040 affects novel-plus version 3.6.2. The vulnerability is an SQL injection in the /news/list?limit=10&offset=0&order=desc endpoint, caused by manipulation of the sort parameter. It is exploitable remotely, and the exploit has been publicly disclosed. Multiple connected sources corrobor...