exploitDog

GHSA-7pr9-232f-3fgg

Опубликовано: 08 фев. 2024

Источник: github

Github: Не прошло ревью

CVSS3: 9.8

Описание

A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior. An attacker can pass specially crafted offset, limit, and sort parameters to perform SQL injection via /novel/userFeedback/list.

A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior. An attacker can pass specially crafted offset, limit, and sort parameters to perform SQL injection via /novel/userFeedback/list.

Ссылки

EPSS

Процентиль: 25%

0.00086

Низкий

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-89

Связанные уязвимости

CVE-2024-24021

CVSS3: 9.8

nvd

почти 2 года назад

A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior. An attacker can pass specially crafted offset, limit, and sort parameters to perform SQL injection via /novel/userFeedback/list.

EPSS

Процентиль: 25%

0.00086

Низкий

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-89