Novel-plus v3.6.0 exists to be vulnerable to Server-Side Request Forgery (SSRF) via user-supplied crafted input.
xxyopen novel-plus 3.6.0