8 matches found
Sql injection
novel-plus v3.6.2 was discovered to contain a SQL injection vulnerability...
CVE-2023-37847
novel-plus v3.6.2 was discovered to contain a SQL injection vulnerability...
CVE-2023-37847
novel-plus v3.6.2 was discovered to contain a SQL injection vulnerability...
CVE-2022-36671
Novel-Plus v3.6.2 was discovered to contain an arbitrary file download vulnerability via the background file download API...
Arbitrary file deletion
Novel-Plus v3.6.2 was discovered to contain an arbitrary file download vulnerability via the background file download API...
CVE-2022-36672
Novel-Plus v3.6.2 was discovered to contain a hard-coded JWT key located in the project config file. This vulnerability allows attackers to create a custom user session...
CVE-2022-36671
Novel-Plus v3.6.2 was discovered to contain an arbitrary file download vulnerability via the background file download API...
CVE-2022-36671
Novel-Plus v3.6.2 was discovered to contain an arbitrary file download vulnerability via the background file download API...