CVE-2022-35121: SQL Injection
First published: Wed Aug 17 2022(Updated: )
Novel-Plus v3.6.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /service/impl/BookServiceImpl.java.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Xxyopen Novel-plus | =3.6.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this SQL injection vulnerability?
The vulnerability ID for this SQL injection vulnerability is CVE-2022-35121.
What is the severity of CVE-2022-35121?
The severity of CVE-2022-35121 is critical (9.8 out of 10).
How does the SQL injection vulnerability occur in Novel-Plus v3.6.1?
The SQL injection vulnerability in Novel-Plus v3.6.1 occurs via the keyword parameter at /service/impl/BookServiceImpl.java.
What software version is affected by CVE-2022-35121?
The software version affected by CVE-2022-35121 is Novel-Plus v3.6.1.
Is there a fix available for this vulnerability?
Yes, it is recommended to update to a patched version of Novel-Plus that addresses the SQL injection vulnerability.
- collector/nvd-api
- collector/nvd-index
- agent/weakness
- agent/type
- agent/event
- agent/references
- agent/severity
- agent/author
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/xxyopen
- canonical/xxyopen novel-plus
- version/xxyopen novel-plus/3.6.1