A vulnerability was found in Novel-Plus 4.3.0-RC1 and classified as critical. This issue affects some unknown processing of the file /novel/bookComment/list. The manipulation of the argument sort leads to sql injection.
The identification of this vulnerability is CVE-2024-0941. The attack needs to be done within the local network. Furthermore, there is an exploit available.
The vendor was contacted early about this disclosure but did not respond in any way.