VYPR
Vendor

Novel Plus

Products
1
CVEs
4
Across products
4
Status
Private

Products

1

Recent CVEs

4
  • CVE-2024-24019CriFeb 7, 2024
    risk 0.64cvss 9.8epss 0.01

    A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass in crafted offset, limit, and sort parameters to perform SQL injection via /system/roleDataPerm/list

  • CVE-2023-46981CriNov 5, 2023
    risk 0.64cvss 9.8epss 0.01

    SQL injection vulnerability in Novel-Plus v.4.2.0 allows a remote attacker to execute arbitrary code via a crafted script to the sort parameter in /common/log/list.

  • CVE-2024-0941MedJan 26, 2024
    risk 0.36cvss 5.5epss 0.01

    A vulnerability was found in Novel-Plus 4.3.0-RC1 and classified as critical. This issue affects some unknown processing of the file /novel/bookComment/list. The manipulation of the argument sort leads to sql injection. The exploit has been disclosed to the public and may be…

  • CVE-2024-0655MedJan 18, 2024
    risk 0.36cvss 5.5epss 0.01

    A vulnerability has been found in Novel-Plus 4.3.0-RC1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /novel/bookSetting/list. The manipulation of the argument sort leads to sql injection. The exploit has been disclosed to the…