CVE-2023-1595: novel-plus list sql injection
First published: Thu Mar 23 2023(Updated: )
A vulnerability has been found in novel-plus 3.6.2 and classified as critical. Affected by this vulnerability is an unknown functionality of the file common/log/list. The manipulation of the argument sort leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223663.
Credit: cna@vuldb.com cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Xxyopen Novel-plus | =3.6.2 | |
| =3.6.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-1595?
The severity of CVE-2023-1595 is high with a severity rating of 7.2.
How does CVE-2023-1595 affect novel-plus 3.6.2?
CVE-2023-1595 affects an unknown functionality of the file common/log/list in novel-plus 3.6.2, allowing for SQL injection through the manipulation of the 'sort' argument.
Can CVE-2023-1595 be exploited remotely?
Yes, CVE-2023-1595 can be exploited remotely.
What is the Common Vulnerabilities and Exposures (CVE) ID of this vulnerability?
The Common Vulnerabilities and Exposures (CVE) ID of this vulnerability is CVE-2023-1595.
Is there a fix available for CVE-2023-1595?
It is recommended to update to a patched version or apply any available security patches provided by the software vendor to fix CVE-2023-1595.
- collector/nvd-index
- agent/author
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/references
- agent/title
- agent/softwarecombine
- agent/tags
- agent/description
- agent/event
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/xxyopen
- canonical/xxyopen novel-plus
- version/xxyopen novel-plus/3.6.2