CVE-2024-0655 | Novel-Plus 4.3.0-RC1 /novel/bookSetting/list sort sql injection

Inserito da Angelo Barbosa | Gen 17, 2024 | CVE

A vulnerability has been found in Novel-Plus 4.3.0-RC1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /novel/bookSetting/list. The manipulation of the argument sort leads to sql injection.

This vulnerability is known as CVE-2024-0655. Access to the local network is required for this attack to succeed. Furthermore, there is an exploit available.

CVE-2024-0655 | Novel-Plus 4.3.0-RC1 /novel/bookSetting/list sort sql injection

Post correlati

CVE-2023-52689 | Linux Kernel up to 6.7.1 ALSA scarlett2_meter_ctl_get meter_level_map[] Privilege Escalation (74e3de7cdcc3/993f7b42fa06)

CVE-2023-49186 | Machic Core Plugin up to 1.2.6 on WordPress cross site scripting

CVE-2024-0585 | wpdevteam Essential Addons for Elementor Plugin up to 5.9.4 on WordPress Filterable Gallery Widget cross site scripting (ID 3022852)

CVE-2024-1217 | kaliforms Contact Form Builder with Drag & Drop Plugin up to 2.3.41 on WordPress Deactivation await_plugin_deactivation authorization