3 matches found
CVE-2025-3676
A vulnerability classified as critical has been found in xxyopen Novel-Plus 3.5.0. This affects an unknown part of the file /api/front/search/books. The manipulation of the argument sort leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the...
CVE-2025-3676
CVE-2025-3676 affects xxyopen Novel-Plus 3.5.0. The issue is an SQL injection in the /api/front/search/books endpoint caused by improper handling of the sort parameter, enabling remote exploitation. Public exploit/disclosure is noted and vendor response was absent. Mitigation guidance from PT Sec...
CVE-2025-3676 xxyopen Novel-Plus books sql injection
A vulnerability classified as critical has been found in xxyopen Novel-Plus 3.5.0. This affects an unknown part of the file /api/front/search/books. The manipulation of the argument sort leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the...