Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xxyopen novel-plus 4.3.0 vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2024-24013
A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass crafted offset, limit, and sort parameters to perform SQL injection via /novel/pay/list
Xxyopen Novel-plus
Xxyopen Novel-plus 4.3.0
9.8
CVSSv3
CVE-2024-24014
A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass crafted offset, limit, and sort parameters to perform SQL injection via /novel/author/list
Xxyopen Novel-plus
Xxyopen Novel-plus 4.3.0
9.8
CVSSv3
CVE-2024-24015
A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass in crafted offset, limit, and sort parameters to perform SQL via /sys/user/exit
Xxyopen Novel-plus
Xxyopen Novel-plus 4.3.0
9.8
CVSSv3
CVE-2024-24017
A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass crafted offset, limit, and sort parameters to perform SQL injection via /common/dict/list
Xxyopen Novel-plus
Xxyopen Novel-plus 4.3.0
9.8
CVSSv3
CVE-2024-24018
A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass in crafted offset, limit, and sort parameters to perform SQL injection via /system/dataPerm/list
Xxyopen Novel-plus
Xxyopen Novel-plus 4.3.0
9.8
CVSSv3
CVE-2024-24019
A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass in crafted offset, limit, and sort parameters to perform SQL injection via /system/roleDataPerm/list
Xxyopen Novel-plus
Xxyopen Novel-plus 4.3.0
9.8
CVSSv3
CVE-2024-24021
A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior. An attacker can pass specially crafted offset, limit, and sort parameters to perform SQL injection via /novel/userFeedback/list.
Xxyopen Novel-plus
Xxyopen Novel-plus 4.3.0
9.8
CVSSv3
CVE-2024-24023
A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior. An attacker can pass specially crafted offset, limit, and sort parameters to perform SQL injection via /novel/bookContent/list.
Xxyopen Novel-plus
Xxyopen Novel-plus 4.3.0
9.8
CVSSv3
CVE-2024-24024
An arbitrary File download vulnerability exists in Novel-Plus v4.3.0-RC1 and prior at com.java2nb.common.controller.FileController: fileDownload(). An attacker can pass in specially crafted filePath and fieName parameters to perform arbitrary File download.
Xxyopen Novel-plus
Xxyopen Novel-plus 4.3.0
9.8
CVSSv3
CVE-2024-24025
An arbitrary File upload vulnerability exists in Novel-Plus v4.3.0-RC1 and prior at com.java2nb.common.controller.FileController: upload(). An attacker can pass in specially crafted filename parameter to perform arbitrary File download.
Xxyopen Novel-plus
Xxyopen Novel-plus 4.3.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »