Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 9:37 a.m.12 views

CVE-2024-24013

A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass crafted offset, limit, and sort parameters to perform SQL injection via /novel/pay/list...

9.8CVSS9.7AI score0.00586EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:29 a.m.6 views

CVE-2024-24021

A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior. An attacker can pass specially crafted offset, limit, and sort parameters to perform SQL injection via /novel/userFeedback/list...

9.8CVSS9.6AI score0.00622EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/02/20 12:0 a.m.3 views

PT-2024-20854 · Unknown · Novel-Plus

Name of the Vulnerable Software and Affected Versions: Novel-Plus version 4.3.0-RC1 Description: The issue is related to an arbitrary file upload vulnerability in the component /sysFile/upload. This vulnerability allows attackers to execute arbitrary code via uploading a crafted file...

9.8CVSS7.8AI score0.00783EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2024/02/08 12:0 a.m.20 views

CVE-2024-24017

A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass crafted offset, limit, and sort parameters to perform SQL injection via /common/dict/list...

7.8AI score0.00627EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/02/07 12:0 a.m.4 views

PT-2024-20239 · Unknown · Novel-Plus

Name of the Vulnerable Software and Affected Versions: Novel-Plus versions 4.3.0-RC1 and prior Description: A SQL injection issue exists, allowing an attacker to pass specially crafted offset, limit, and sort parameters to perform SQL injection via the "/novel/userFeedback/list" API endpoint...

9.8CVSS9.6AI score0.00622EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2024/02/07 12:0 a.m.5 views

PT-2024-20241 · Unknown · Novel-Plus

Name of the Vulnerable Software and Affected Versions: Novel-Plus versions 4.3.0-RC1 and prior Description: An arbitrary file download issue exists, allowing an attacker to download files by passing specially crafted filePath and fileName parameters to the fileDownload function in the...

9.8CVSS7AI score0.00654EPSS
Exploits0References6
Rows per page
Query Builder