3 matches found
CVE-2024-24014
A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass crafted offset, limit, and sort parameters to perform SQL injection via /novel/author/list...
CVE-2024-24014
A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass crafted offset, limit, and sort parameters to perform SQL injection via /novel/author/list...
CVE-2024-24014
CVE-2024-24014 affects Novel-Plus v4.3.0-RC1 and earlier. The vulnerability is a SQL injection in the /novel/author/list endpoint triggered by crafted offset, limit, and sort parameters. Documented impact is high (confidentiality, integrity, and availability all affected) with CVSS v3.1 base scor...