Shodan
Vulnerabilities
Vulnerable Software
Xxyopen:  Security Vulnerabilities
CVE-2024-24021
A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior. An attacker can pass specially crafted offset, limit, and sort parameters to perform SQL injection via /novel/userFeedback/list.
CVSS Score
9.8
EPSS Score
0.001
Published
2024-02-08
CVE-2024-24018
A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass in crafted offset, limit, and sort parameters to perform SQL injection via /system/dataPerm/list
CVSS Score
9.8
EPSS Score
0.001
Published
2024-02-08
CVE-2024-24023
A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior. An attacker can pass specially crafted offset, limit, and sort parameters to perform SQL injection via /novel/bookContent/list.
CVSS Score
9.8
EPSS Score
0.001
Published
2024-02-08
CVE-2024-24024
An arbitrary File download vulnerability exists in Novel-Plus v4.3.0-RC1 and prior at com.java2nb.common.controller.FileController: fileDownload(). An attacker can pass in specially crafted filePath and fieName parameters to perform arbitrary File download.
CVSS Score
9.8
EPSS Score
0.001
Published
2024-02-08
CVE-2024-24025
An arbitrary File upload vulnerability exists in Novel-Plus v4.3.0-RC1 and prior at com.java2nb.common.controller.FileController: upload(). An attacker can pass in specially crafted filename parameter to perform arbitrary File download.
CVSS Score
9.8
EPSS Score
0.001
Published
2024-02-08
CVE-2024-24026
An arbitrary File upload vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions at com.java2nb.system.controller.SysUserController: uploadImg(). An attacker can pass in specially crafted filename parameter to perform arbitrary File download.
CVSS Score
9.8
EPSS Score
0.001
Published
2024-02-08
CVE-2024-24019
A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass in crafted offset, limit, and sort parameters to perform SQL injection via /system/roleDataPerm/list
CVSS Score
9.8
EPSS Score
0.001
Published
2024-02-07
CVE-2024-24013
A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass crafted offset, limit, and sort parameters to perform SQL injection via /novel/pay/list
CVSS Score
9.8
EPSS Score
0.001
Published
2024-02-06
CVE-2024-24015
A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass in crafted offset, limit, and sort parameters to perform SQL via /sys/user/exit
CVSS Score
9.8
EPSS Score
0.001
Published
2024-02-06
CVE-2024-0941
A vulnerability was found in Novel-Plus 4.3.0-RC1 and classified as critical. This issue affects some unknown processing of the file /novel/bookComment/list. The manipulation of the argument sort leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-252185 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
5.5
EPSS Score
0.001
Published
2024-01-26


Products
Pricing
Contact Us

Shodan ® - All rights reserved