CVE-2023-1594

7.3 HIGH

📋 TL;DR

This high-severity SQL injection vulnerability in novel-plus 3.6.2 lets a remote attacker inject SQL through the 'sort' parameter handled by MenuService, the back end of the sys/menu/list functionality. The parameter is used to build the query's ORDER BY clause, so a crafted value is executed as part of the query. Attackers can read, modify, or delete database content and, depending on the privileges of the application's database account and the DBMS in use, potentially execute code on the underlying server. All deployments of novel-plus 3.6.2 are affected.

💻 Affected Systems

Products:
  • novel-plus
Versions: 3.6.2
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the sys/menu/list functionality and affects all deployments of novel-plus 3.6.2 regardless of configuration.

📦 What is this software?

novel-plus is an open-source Java (Spring Boot) web application for hosting and reading online novels. It ships with an administrative back end; the menu management listing in that back end (sys/menu/list, served by MenuService) is the affected component.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise leading to data theft, data destruction, and potential remote code execution on the underlying server.

🟠 Likely Case

Database information disclosure, privilege escalation, and unauthorized data manipulation.

🟢 If Mitigated

Limited impact where the sort value is validated against an allowlist of column names before it reaches the query (an ORDER BY column cannot be passed as a bound parameter, so parameterized queries alone do not close this hole), the application's database account holds only the privileges it needs, and database access from the application host is restricted.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

A public proof-of-concept exploit is available, and the injection point is a single query-string parameter, so an attacker with basic SQL injection knowledge can exploit it.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

Check for official updates from novel-plus developers. If available, upgrade to a patched version. Otherwise, implement workarounds.

🔧 Temporary Workarounds

Input Validation Filter

Applies to: all

Validate the 'sort' parameter server-side against an allowlist of the column names the menu listing actually sorts on (and any accompanying direction value against asc/desc), and reject the request before anything else is appended to the query.

Modify sys/menu/list to validate the sort parameter against the allowlist

WAF Rule Implementation

Applies to: all

Deploy web application firewall rules that block requests to sys/menu/list whose decoded 'sort' parameter is not a plain identifier (for example, anything outside the pattern ^[A-Za-z_][A-Za-z0-9_]*$). A keyword blocklist (union, select, drop, comment markers) is a weaker fallback: ORDER BY payloads built from CASE expressions or subqueries contain none of those keywords, and the WAF must match on the URL-decoded value.

Add WAF rule: deny requests to sys/menu/list whose sort parameter is not a plain identifier; treat this as a stopgap until the application-side allowlist is in place
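The two workarounds above both come down to one rule: the sort value must be an allowlisted column name, because ORDER BY cannot take a bound parameter. The following Python is an added illustration written for this page, not code from novel-plus (which is a Java application): it shows the vulnerable concatenation pattern next to an allowlisted version, and uses a constructed in-memory SQLite table (assumed columns menu_id, name, order_num; not the project's real schema) so the effect of an injected ORDER BY can be observed offline. The probe() helper demonstrates why a keyword blocklist is insufficient: a CASE expression contains no SQL keywords from the usual lists, yet the row order it produces leaks the truth value of an attacker-chosen condition.

```python
import sqlite3

# Constructed demo data; this is NOT novel-plus's real table layout,
# only a stand-in so the ORDER BY behaviour can be run offline.
MENU_ROWS = [
    (1, "system", 30),
    (2, "user", 10),
    (3, "menu", 20),
]


def make_db():
    """Create an in-memory SQLite database with the constructed menu table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE menu (menu_id INTEGER, name TEXT, order_num INTEGER)")
    conn.executemany("INSERT INTO menu VALUES (?, ?, ?)", MENU_ROWS)
    return conn


def list_menu_vulnerable(conn, sort, order="asc"):
    """Vulnerable pattern: the sort value is concatenated straight into ORDER BY.

    A bound parameter (?) cannot stand in for a column name, so the usual
    'just parameterize it' advice does not apply here; validation is required.
    Returns the menu_id values in the order the database produced them.
    """
    sql = f"SELECT menu_id, name FROM menu ORDER BY {sort} {order}"
    return [row[0] for row in conn.execute(sql)]


# Allowlist of the columns the listing may sort on, and the two directions.
ALLOWED_SORT = {"menu_id", "name", "order_num"}
ALLOWED_ORDER = {"asc", "desc"}


def list_menu_safe(conn, sort, order="asc"):
    """Hardened version: only allowlisted identifiers ever reach the query."""
    if sort not in ALLOWED_SORT or order.lower() not in ALLOWED_ORDER:
        raise ValueError(f"rejected sort parameter: {sort!r} {order!r}")
    sql = f"SELECT menu_id, name FROM menu ORDER BY {sort} {order}"
    return [row[0] for row in conn.execute(sql)]


def probe(conn, condition):
    """Boolean-based ORDER BY injection against the vulnerable function.

    The sort column depends on an attacker-controlled condition, so the
    resulting row order reveals whether the condition is true, one bit per
    request, without any error message and without keywords like UNION.
    """
    payload = f"(CASE WHEN ({condition}) THEN name ELSE order_num END)"
    return list_menu_vulnerable(conn, payload)


if __name__ == "__main__":
    db = make_db()
    print("sorted by name:", list_menu_vulnerable(db, "name"))
    print("condition true: ", probe(db, "1=1"))
    print("condition false:", probe(db, "1=2"))
    print("leaks a subquery:", probe(db, "(SELECT count(*) FROM sqlite_master) > 0"))
    try:
        list_menu_safe(db, "(CASE WHEN 1=1 THEN name ELSE order_num END)")
    except ValueError as exc:
        print("allowlist rejected payload:", exc)
```

Sorting by name yields ids [3, 1, 2] and sorting by order_num yields [2, 3, 1], so a true condition in the CASE payload returns the first order and a false one the second; that difference is the information leak. The allowlisted function raises before the string is ever built, which is the behaviour the application-side fix should have.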

🧯 If You Can't Patch

  • Implement network segmentation to isolate novel-plus from critical systems
  • Run novel-plus under a database account with only the privileges the application needs (no DDL, no file or OS-level functions), which caps what a successful injection can reach
  • Enable detailed SQL query logging and monitor for suspicious activity

🔍 How to Verify

Check if Vulnerable:

Request the sys/menu/list endpoint with a legitimate sort value (a real column name), then with a value that is not a column name or that wraps the column in a harmless SQL expression. If the response ordering or error behaviour follows the injected SQL instead of the value being rejected, the instance is vulnerable. Test only systems you are authorized to assess, preferably a staging copy.

Check Version:

Check novel-plus version in application configuration or admin panel

Verify Fix Applied:

Test with SQL injection payloads and verify they are rejected or sanitized

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in database logs, in particular ORDER BY clauses containing expressions, subqueries, or comment markers rather than a bare column name
  • Database errors (syntax or unknown-column errors) in application logs that coincide with requests to sys/menu/list

Network Indicators:

  • HTTP requests to sys/menu/list whose sort parameter is not a plain column name (SQL keywords, parentheses, comment markers, or encoded whitespace)
  • Unusual database connection patterns

SIEM Query:

source="web_logs" AND uri="*/sys/menu/list*" AND (param="sort" AND value MATCHES "(?i)(union|select|insert|update|delete|drop|--|#)")

This is a pseudo-query to adapt to your SIEM's syntax. Match on the URL-decoded sort value, since payloads normally arrive encoded (%20 for spaces, %23 for #), and consider also alerting on any sort value that is not a plain identifier: CASE-based ORDER BY payloads contain none of the keywords above.
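The SIEM query above, run as a concrete detector over access logs: this Python is an added example written for this page, not part of novel-plus or of any SIEM product. It parses combined-format log lines, URL-decodes the query string, and flags sort values on sys/menu/list in two modes: the keyword match the query uses, and the stricter not-a-plain-identifier check. The log lines are constructed for the example; the /admin prefix, the IPs, and the timestamps are assumptions, not observed traffic.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Keyword pattern, mirroring the SIEM query (case-insensitive).
SQLI_PATTERN = re.compile(r"(?i)(union|select|insert|update|delete|drop|--|#)")
# Stricter rule: a legitimate sort value is a bare column identifier.
SORT_ALLOWED = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")

# Constructed sample access log (combined log format); not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Mar/2023:10:00:01 +0000] "GET /admin/sys/menu/list?sort=order_num&order=asc HTTP/1.1" 200 812
10.0.0.9 - - [12/Mar/2023:10:00:07 +0000] "GET /admin/sys/menu/list?sort=name%20union%20select%201 HTTP/1.1" 200 812
10.0.0.9 - - [12/Mar/2023:10:00:09 +0000] "GET /admin/sys/menu/list?sort=(case%20when%201=1%20then%20name%20else%20order_num%20end) HTTP/1.1" 200 812
10.0.0.5 - - [12/Mar/2023:10:01:00 +0000] "GET /admin/sys/user/list?sort=name HTTP/1.1" 200 500
10.0.0.9 - - [12/Mar/2023:10:01:05 +0000] "GET /admin/sys/menu/list?sort=name%23 HTTP/1.1" 500 120
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def parse_line(line):
    """Split one access-log line into ip, timestamp, path, status and decoded params."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m["target"])
    # parse_qs URL-decodes values, so %20 and %23 become a space and '#'.
    params = parse_qs(parts.query, keep_blank_values=True)
    return {
        "ip": m["ip"],
        "ts": m["ts"],
        "path": parts.path,
        "status": int(m["status"]),
        "params": params,
    }


def flag_sort_injection(log_text, strict=False):
    """Return (ip, path, decoded sort value, status) for suspicious sys/menu/list hits.

    strict=False reproduces the SIEM keyword match; strict=True flags any sort
    value that is not a plain identifier, which also catches CASE payloads.
    """
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or "/sys/menu/list" not in rec["path"]:
            continue
        for value in rec["params"].get("sort", []):
            if strict:
                suspicious = SORT_ALLOWED.match(value) is None
            else:
                suspicious = SQLI_PATTERN.search(value) is not None
            if suspicious:
                hits.append((rec["ip"], rec["path"], value, rec["status"]))
    return hits


if __name__ == "__main__":
    for mode in (False, True):
        print("strict" if mode else "keyword", "mode:")
        for hit in flag_sort_injection(SAMPLE_LOG, strict=mode):
            print("  ", hit)
```

On the sample, keyword mode flags the UNION request and the request carrying a comment marker but misses the CASE expression; strict mode flags all three while leaving the legitimate order_num request and the unrelated sys/user/list request alone. That gap is the reason to prefer the identifier allowlist in both the WAF rule and the SIEM rule.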
