📦 Novel Plus
by Xxyopen
🔍 What is Novel Plus?
Description coming soon...
🛡️ Security Overview
⚠️ Known Vulnerabilities
A directory traversal vulnerability in novel plus allows remote attackers to read, write, or execute arbitrary files on the server by manipulating the filePath parameter. This affects all novel plus i...
This vulnerability allows attackers to upload arbitrary files to Novel-Plus systems via the /sysFile/upload endpoint, potentially leading to remote code execution. It affects Novel-Plus v4.3.0-RC1 ins...
A SQL injection vulnerability in Novel-Plus v4.3.0-RC1 and earlier allows attackers to execute arbitrary SQL commands by manipulating offset, limit, and sort parameters in the /novel/author/list endpo...
A SQL injection vulnerability in Novel-Plus v4.3.0-RC1 and earlier allows attackers to execute arbitrary SQL commands by manipulating offset, limit, and sort parameters in the /novel/userFeedback/list...
A SQL injection vulnerability in Novel-Plus v4.3.0-RC1 and earlier allows attackers to inject malicious SQL commands via offset, limit, and sort parameters in the /novel/bookContent/list endpoint. Thi...
An arbitrary file upload vulnerability in Novel-Plus v4.3.0-RC1 and earlier allows attackers to upload malicious files by manipulating the filename parameter in the upload() function. This can lead to...
A SQL injection vulnerability in Novel-Plus v4.3.0-RC1 and earlier allows attackers to execute arbitrary SQL commands via crafted offset, limit, and sort parameters in the /system/roleDataPerm/list en...
A SQL injection vulnerability in Novel-Plus v4.3.0-RC1 and earlier allows attackers to execute arbitrary SQL commands via crafted offset, limit, and sort parameters in the /sys/user/exit endpoint. Thi...
A SQL injection vulnerability in Novel-Plus v4.2.0 allows remote attackers to execute arbitrary SQL commands via the sort parameter in the /common/log/list endpoint. This can lead to data theft, data ...
CVE-2023-30058 is a SQL injection vulnerability in novel-plus version 3.6.2 that allows attackers to execute arbitrary SQL commands. This affects all systems running the vulnerable version of novel-pl...
CVE-2023-37847 is a SQL injection vulnerability in novel-plus v3.6.2 that allows attackers to execute arbitrary SQL commands. This affects all systems running the vulnerable version of novel-plus, pot...
This vulnerability allows attackers to upload malicious JSP files without restrictions in novel-plus's file controller. It affects all versions of novel-plus, enabling remote code execution on affecte...
CVE-2021-41921 is an unrestricted file upload vulnerability in novel-plus V3.6.1 that allows attackers to upload malicious files with arbitrary extensions and content. This affects all novel-plus V3.6...
CVE-2022-24568 is a Server-Side Request Forgery (SSRF) vulnerability in Novel-plus v3.6.0 that allows attackers to make arbitrary HTTP requests from the vulnerable server. This can lead to internal ne...
A critical authentication bypass vulnerability in Novel-Plus allows remote attackers to access the code generation function without authentication. This affects Novel-Plus versions up to commit 0e156c...
This vulnerability allows remote attackers to read arbitrary files on novel-plus servers by manipulating the filePath parameter in GET requests. It affects novel-plus versions 4.3.0 and earlier, poten...
This SQL injection vulnerability in Novel-Plus v4.1.0 allows remote attackers to execute arbitrary SQL commands via the sort parameter in the /sys/menu/list endpoint. Attackers can potentially read, m...
This critical SQL injection vulnerability in novel-plus 3.6.2 allows remote attackers to execute arbitrary SQL commands via the 'sort' parameter in the MenuService function. Attackers can potentially ...
CVE-2022-28462 is an arbitrary file reading vulnerability in novel-plus 3.6.0 that allows attackers to read sensitive files from the server filesystem. This affects all deployments of novel-plus 3.6.0...
Novel-Plus up to version 5.2.4 contains a stored XSS vulnerability in the /author/updateIndexName endpoint. Authenticated attackers can inject malicious JavaScript through the indexName parameter, whi...
An authenticated user in Novel-Plus 5.2.0 can inject malicious JavaScript via the replyContent parameter when replying to book comments, leading to stored XSS. This allows execution of arbitrary code ...
This vulnerability in novel-plus allows remote attackers to delete arbitrary files due to missing authorization checks in the file removal function. It affects all systems running novel-plus up to ver...
This vulnerability allows attackers to bypass authentication in novel-plus by replaying CAPTCHA tokens, potentially gaining unauthorized access to administrative functions. It affects novel-plus versi...
This vulnerability in Novel-Plus allows unauthorized access to log viewing functionality due to improper authorization in the LogController. Attackers can remotely view system logs without proper perm...
This CVE describes an authentication bypass vulnerability in Novel-Plus software that allows unauthenticated attackers to access session management functions remotely. The vulnerability affects Novel-...
This is a critical SQL injection vulnerability in xxyopen Novel-Plus 5.1.0 that allows remote attackers to execute arbitrary SQL commands via the 'sort' parameter in the /book/searchByPage endpoint. A...
This critical SQL injection vulnerability in xxyopen Novel-Plus allows attackers to manipulate database queries through the /api/front/search/books endpoint. Remote attackers can potentially read, mod...
This vulnerability allows remote attackers to execute arbitrary code on systems running xxyopen novel plus version 4.4.0 and earlier. The flaw exists in the PageController.java file, enabling code inj...
This is a SQL injection vulnerability in novel-plus 3.6.2 that allows remote attackers to execute arbitrary SQL commands via the 'orderby' parameter in DictController.java. Attackers can potentially r...
This CVE describes a SQL injection vulnerability in novel-plus version 3.6.2 that allows remote attackers to execute arbitrary SQL commands via the 'sort' parameter in the common/log/list functionalit...