You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The name of an affected Product: Novel-Plus v4.3.0-RC1
fixed version: Novel-Plus v4.3.0-RC1
Vendor of the product: https://github.com/201206030/novel-plus
The CVE ID for the entry: CVE-2024-24013
A prose description: A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass crafted offset, limit, and sort parameters to perform SQL injection via /novel/pay/list.
Vulnerability Type: SQL injection
Impact: SQL injection
Root Cause: A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass crafted offset, limit, and sort parameters to perform SQL injection via /novel/pay/list.