PT-2024-20232 · Unknown · Novel-Plus
Name of the Vulnerable Software and Affected Versions: Novel-Plus versions 4.3.0-RC1 and prior Description: A SQL injection issue exists, allowing an attacker to perform SQL injection by passing crafted offset, limit, and sort parameters via the "/novel/pay/list" API endpoint. Recommendations: Fo...