A vulnerability classified as critical has been found in novel-plus 3.6.2. Affected is an unknown function of the file /news/list?limit=10&offset=0&order=desc. The manipulation of the argument sort leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-225918 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2023-04-14T08:31:03.374Z

Updated: 2024-08-02T06:12:19.947Z

Reserved: 2023-04-14T06:30:52.583Z

Link: CVE-2023-2040

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-04-14T09:15:07.453

Modified: 2024-11-21T07:57:48.920

Link: CVE-2023-2040

cve-icon Redhat

No data.