CNNVD-202506-3025 Information
CNNVD ID
CNNVD-202506-3025
Related CVE
- CNNVD Published: 2025-06-24
Description (Chinese)
novel-plus是xxy个人开发者的一个小说阅读软件。 novel-plus 5.1.3及之前版本存在安全漏洞,该漏洞源于用户管理模块对参数sort/order处理不当,可能导致SQL注入攻击。
Description (English)
Novel-plus is a novel reading software for xxy personal developers. There is a security loophole in the novel-plus 5.1.3 and previous versions, which stems from the inappropriate handling of parameters in the user management module at sort/order, which could lead to an SQL injection attack.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Live Support
Published
2025-06-24
Last Modified
2026-02-24
References
https://blog.0xd00.com/blog/sqli-in-user-list-leads-to-sensitive-data-disclosure https://blog.0xd00.com/blog/sqli-in-user-list-leads-to-sensitive-data-disclosure#poc https://vuldb.com/?ctiid.313654 https://vuldb.com/?id.313654 https://vuldb.com/?submit.596573 https://access.redhat.com/security/cve/cve-2025-6535
Patch
https://github.com/201206030/novel-plus/releases
Share on: