A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass crafted offset, limit, and sort parameters to perform SQL injection via /novel/author/list
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2024-02-08T00:00:00
Updated: 2024-08-01T23:19:51.187Z
Reserved: 2024-01-25T00:00:00
Link: CVE-2024-24014
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2024-02-08T02:15:07.840
Modified: 2024-02-10T04:00:34.467
Link: CVE-2024-24014
Redhat
No data.