3 matches found
novel-plus SQL injection vulnerability (CNVD-2023-32773)
novel-plus novel boutique-plus is a multi-end PC, WAP reading, functional original literature CMS system. novel-plus version 3.6.2 suffers from a SQL injection vulnerability, which originates from a problem with the file /news/list?limit=10&offset=0&order=desc, where the operation of the paramete...
SQL Injection Vulnerability in Novel House-plus Backend
Novel boutique-plus novel-plus is a multi-end PC, WAP reading, functional original literature CMS system , built on SpringCloud , using MyBatis as the persistence layer . A SQL injection vulnerability exists in the backend of Novel Boutique-plus. An attacker can exploit the vulnerability to obtai...
Arbitrary File Read Vulnerability in Novelty House-plus
Novel boutique-plus novel-plus is a multi-end PC, WAP reading, functional original literature CMS system , built on SpringCloud , using MyBatis as the persistence layer . Novel-plus has an arbitrary file read vulnerability that can be exploited by an attacker to read any file in the system...