CVE-2023-46981

9.8 CRITICAL

📋 TL;DR

A SQL injection vulnerability in Novel-Plus v4.2.0 allows remote attackers to execute arbitrary SQL commands via the sort parameter in the /common/log/list endpoint. This can lead to data theft, data manipulation, or complete system compromise. All Novel-Plus v4.2.0 installations with the vulnerable endpoint exposed are affected.

💻 Affected Systems

Products:
  • Novel-Plus
Versions: v4.2.0
Operating Systems: All platforms running Novel-Plus
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the default configuration of Novel-Plus v4.2.0.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Full database compromise leading to data exfiltration, privilege escalation, and remote code execution on the underlying server.

🟠 Likely Case: Database content extraction, data manipulation, and potential authentication bypass.

🟢 If Mitigated: Limited impact with proper input validation and parameterized queries in place.

🌐 Internet-Facing: HIGH - The vulnerable endpoint is accessible remotely without authentication.
🏢 Internal Only: MEDIUM - Internal attackers could exploit this if they have network access to the application.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending crafted HTTP requests to the vulnerable endpoint. No authentication is needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v4.2.1 or later

Vendor Advisory: https://github.com/xxd763795151/novel-plus

Restart Required: Yes

Instructions:

1. Backup your Novel-Plus installation and database.
2. Download the latest version from the official repository.
3. Replace the vulnerable files with patched versions.
4. Restart the application server.

🔧 Temporary Workarounds

Input Validation Filter (applies to: all)

Implement strict input validation for the sort parameter to allow only alphanumeric characters.

Modify the sort parameter handling code to validate input before processing.
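The validation described above, as an added example that is not Novel-Plus's own code (the project itself is Java/MyBatis). It goes one step beyond an alphanumeric filter: because ORDER BY cannot be bound as a prepared-statement parameter, the sort key is mapped through an allow-list to a fixed column name and everything else is rejected. The table and column names are constructed for the demo.

```python
import sqlite3

# Allow-list: external sort key -> real column name. Any key not in this map
# is rejected, so user input never reaches the ORDER BY clause verbatim.
# Column names are constructed for this example; the real schema may differ.
SORT_COLUMNS = {
    "id": "id",
    "createTime": "create_time",
    "operation": "operation",
}
ALLOWED_DIRECTIONS = {"asc": "ASC", "desc": "DESC"}


def build_order_by(sort: str, order: str = "asc") -> str:
    """Return a safe 'ORDER BY <col> <dir>' fragment or raise ValueError."""
    if sort not in SORT_COLUMNS:
        raise ValueError(f"unsupported sort key: {sort!r}")
    direction = ALLOWED_DIRECTIONS.get(order.lower())
    if direction is None:
        raise ValueError(f"unsupported sort order: {order!r}")
    # Only values taken from the two allow-lists are interpolated here.
    return f"ORDER BY {SORT_COLUMNS[sort]} {direction}"


def list_logs(conn, sort: str = "id", order: str = "asc"):
    """Query the log table using the validated ORDER BY fragment."""
    sql = f"SELECT id, operation, create_time FROM log {build_order_by(sort, order)}"
    return conn.execute(sql).fetchall()


def make_demo_db():
    """In-memory table with constructed sample rows (not Novel-Plus data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE log (id INTEGER, operation TEXT, create_time TEXT)")
    conn.executemany("INSERT INTO log VALUES (?, ?, ?)", [
        (1, "login", "2024-01-02"),
        (2, "upload", "2024-01-01"),
        (3, "logout", "2024-01-03"),
    ])
    return conn
```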

WAF Rule (applies to: all)

Deploy a web application firewall rule to block SQL injection patterns in the sort parameter.

Configure the WAF to detect and block SQL injection patterns in request parameters.

🧯 If You Can't Patch

  • Block external access to /common/log/list endpoint using firewall rules or access controls.
  • Implement network segmentation to isolate the Novel-Plus server from sensitive systems.

🔍 How to Verify

Check if Vulnerable:

Send a test request to /common/log/list with a malicious sort parameter payload and observe if SQL errors are returned.

Check Version:

Check the Novel-Plus version in the application configuration or admin panel.

Verify Fix Applied:

Test the same payload after patching to confirm it's properly sanitized or rejected.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL error messages in application logs
  • Multiple requests with suspicious sort parameter values

Network Indicators:

  • HTTP requests to /common/log/list with SQL keywords in parameters
  • Unusual database query patterns

SIEM Query:

source="novel-plus" AND uri_path="/common/log/list" AND param="sort" AND (value CONTAINS "UNION" OR value CONTAINS "SELECT" OR value CONTAINS "--")

🔗 References