CVE-2023-1607
novel-plus list sql injection
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 4.7EPSS 0.7%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
23 Mar 2023Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A vulnerability was found in novel-plus 3.6.2. It has been classified as critical. This affects an unknown part of the file /common/sysFile/list. The manipulation of the argument sort leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-223737 was assigned to this vulnerability.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
Affected products
n/a · novel-plus