First published: Thu Feb 08 2024(Updated: )
A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass crafted offset, limit, and sort parameters to perform SQL injection via /novel/author/list
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Xxyopen Novel-plus | <=4.2.0 | |
Xxyopen Novel-plus | =4.3.0-rc1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.