CVE-2023-1607: novel-plus list sql injection
First published: Thu Mar 23 2023(Updated: )
A vulnerability was found in novel-plus 3.6.2. It has been classified as critical. This affects an unknown part of the file /common/sysFile/list. The manipulation of the argument sort leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-223737 was assigned to this vulnerability.
Credit: cna@vuldb.com cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Xxyopen Novel-plus | =3.6.2 | |
| =3.6.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-1607?
CVE-2023-1607 is a critical vulnerability found in novel-plus 3.6.2 that allows for SQL injection attacks.
How severe is CVE-2023-1607?
CVE-2023-1607 has a severity score of 8.8, which is classified as high.
What software version is affected by CVE-2023-1607?
novel-plus 3.6.2 is the affected version by CVE-2023-1607.
How can CVE-2023-1607 be exploited?
CVE-2023-1607 can be exploited remotely by manipulating the 'sort' argument in the '/common/sysFile/list' file.
Is there a fix available for CVE-2023-1607?
At the moment, there is no known fix available for CVE-2023-1607. It is recommended to apply any official patches or updates provided by the software vendor.
- collector/nvd-index
- agent/author
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/references
- agent/title
- agent/softwarecombine
- agent/tags
- agent/description
- agent/event
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/xxyopen
- canonical/xxyopen novel-plus
- version/xxyopen novel-plus/3.6.2