cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-24026,https://securityvulnerability.io/vulnerability/CVE-2024-24026,Arbitrary File Upload Vulnerability in Novel-Plus v4.3.0-RC1 and Prior,"An arbitrary file upload vulnerability exists in Novel-Plus v4.3.0-RC1 and prior, in the uploadImg() method of SysUserController. An attacker exploits it by supplying a crafted filename parameter. Successful exploitation can give the attacker unauthorized access to files on the server, with potential exposure of sensitive data or system compromise. Users and administrators of Novel-Plus should update to a release that fixes the issue and review their exposure.",Novel-Plus,Novel-plus,9.8,CRITICAL,0.00091,false,false,false,false,,false,false,2024-02-08T01:15:00.000Z,0
CVE-2024-24024,https://securityvulnerability.io/vulnerability/CVE-2024-24024,Arbitrary File Download Vulnerability in Novel-Plus v4.3.0-RC1 and Prior,"An arbitrary file download vulnerability exists in Novel-Plus v4.3.0-RC1 and prior, caused by missing validation of the filePath and fileName parameters in the fileDownload() method of the FileController class. By crafting these two parameters, an attacker can read arbitrary files on the server and expose sensitive information. Organizations running affected versions should apply the available patches or updates.",Novel-Plus,Novel-plus,9.8,CRITICAL,0.00091,false,false,false,false,,false,false,2024-02-08T01:15:00.000Z,0
CVE-2024-24023,https://securityvulnerability.io/vulnerability/CVE-2024-24023,SQL Injection Vulnerability in Novel-Plus v4.3.0-RC1 and Prior,"A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior. An attacker can alter the generated SQL by sending crafted offset, limit, and sort parameters to the /novel/bookContent/list endpoint, leading to unauthorized reading or manipulation of the application database.",Novel-Plus,Novel-plus,9.8,CRITICAL,0.00091,false,false,false,false,,false,false,2024-02-08T01:15:00.000Z,0
CVE-2024-24018,https://securityvulnerability.io/vulnerability/CVE-2024-24018,SQL Injection Vulnerability in Novel-Plus v4.3.0-RC1 and Prior,"A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior. An attacker can alter the generated SQL by sending crafted offset, limit, and sort parameters to the /system/dataPerm/list endpoint. Successful exploitation gives unauthorized access to database contents; users of affected versions should apply the available patches or mitigations.",Novel-Plus,Novel-plus,9.8,CRITICAL,0.00091,false,false,false,false,,false,false,2024-02-08T00:00:00.000Z,0
CVE-2024-24021,https://securityvulnerability.io/vulnerability/CVE-2024-24021,SQL Injection Vulnerability in Novel-Plus v4.3.0-RC1 and Prior,"A SQL injection vulnerability exists in the user feedback listing feature of Novel-Plus v4.3.0-RC1 and prior, caused by unsafe handling of user-supplied parameters. An attacker can manipulate the offset, limit, and sort parameters to execute arbitrary SQL, potentially reading sensitive data or corrupting the database. Users of affected versions should apply the available patches or mitigations.",Novel-Plus,Novel-plus,9.8,CRITICAL,0.00091,false,false,false,false,,false,false,2024-02-08T00:00:00.000Z,0
CVE-2024-24025,https://securityvulnerability.io/vulnerability/CVE-2024-24025,Arbitrary File Upload Vulnerability in Novel-Plus v4.3.0-RC1 and Prior,"An arbitrary file upload vulnerability exists in Novel-Plus v4.3.0-RC1 and prior, in the upload() method of FileController in the com.java2nb.common.controller package. An attacker exploits it by supplying a crafted filename parameter, which can lead to unauthorized access to files on the server. Affected installations should be remediated promptly.",Novel-Plus,Novel-plus,9.8,CRITICAL,0.00091,false,false,false,false,,false,false,2024-02-08T00:00:00.000Z,0
CVE-2024-24017,https://securityvulnerability.io/vulnerability/CVE-2024-24017,SQL Injection Vulnerability in Novel-Plus v4.3.0-RC1 and Prior,"A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior. An attacker can alter the generated SQL by sending crafted offset, limit, and sort parameters to the /common/dict/list endpoint, leading to unauthorized reading or manipulation of the database.",Novel-Plus,Novel-plus,9.8,CRITICAL,0.00091,false,false,false,false,,false,false,2024-02-08T00:00:00.000Z,0
CVE-2024-24014,https://securityvulnerability.io/vulnerability/CVE-2024-24014,SQL Injection Vulnerability in Novel-Plus v4.3.0-RC1 and Prior,"A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior. An attacker can alter the generated SQL by sending crafted offset, limit, and sort parameters to the /novel/author/list endpoint, enabling data extraction or alteration in the database. Users of affected versions should upgrade to a fixed release or apply mitigations.",Novel-Plus,Novel-plus,9.8,CRITICAL,0.00091,false,false,false,false,,false,false,2024-02-08T00:00:00.000Z,0
CVE-2024-24019,https://securityvulnerability.io/vulnerability/CVE-2024-24019,SQL Injection Vulnerability in Novel-Plus v4.3.0-RC1 and Prior,"A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior. An attacker can alter the generated SQL by sending crafted offset, limit, and sort parameters to the /system/roleDataPerm/list endpoint, which can lead to unauthorized access to sensitive data or data corruption. Users of affected versions should apply the available updates or mitigations.",Novel-Plus,Novel-plus,9.8,CRITICAL,0.00076,false,false,false,false,,false,false,2024-02-07T00:00:00.000Z,0
CVE-2023-37847,https://securityvulnerability.io/vulnerability/CVE-2023-37847,,novel-plus v3.6.2 was discovered to contain a SQL injection vulnerability.,Novel-Plus,Novel-plus,9.8,CRITICAL,0.0016,false,false,false,false,,false,false,2023-08-14T00:00:00.000Z,0
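Six of the records above share one root cause: list endpoints that accept offset, limit and sort parameters and splice them into the query. The following Python example is added here to show that pattern and its fix; it is not Novel-Plus code (the project is Java), and the table name, column allow-list, in-memory SQLite database and the password value are constructed assumptions for illustration. The vulnerable builder concatenates the three parameters into the statement; the inference helper shows why an ORDER BY expression is enough to leak data one bit per request even when no stacked queries are possible. The hardened builder allow-lists the sort column (ORDER BY cannot be a bind parameter), bounds offset and limit, and passes the numbers as bind values.

```python
"""Vulnerable vs. hardened handling of list-endpoint paging parameters.

Added example, not Novel-Plus code. The vulnerable builder mirrors the pattern
the CVE descriptions imply (offset, limit and sort concatenated into the query);
table and column names are assumptions chosen for illustration.
"""
import re
import sqlite3

ALLOWED_SORT_COLUMNS = {"id", "create_time", "update_time"}  # assumed schema
MAX_LIMIT = 100


class BadRequest(ValueError):
    """Raised when a paging parameter fails validation."""


def build_query_vulnerable(table, offset, limit, sort):
    # Request parameters are interpolated straight into the SQL text, so the
    # sort value (and offset/limit) become part of the statement.
    return f"SELECT * FROM {table} ORDER BY {sort} LIMIT {limit} OFFSET {offset}"


def parse_page_params(offset, limit, sort):
    """Return (offset, limit, column, direction) or raise BadRequest."""
    try:
        off, lim = int(offset), int(limit)
    except (TypeError, ValueError):
        raise BadRequest("offset and limit must be integers")
    if off < 0 or not 1 <= lim <= MAX_LIMIT:
        raise BadRequest("offset/limit out of range")
    # ORDER BY cannot be bound as a parameter, so the column is allow-listed.
    m = re.fullmatch(r"\s*([A-Za-z_][A-Za-z0-9_]*)\s*(asc|desc)?\s*", sort or "id", re.I)
    if not m or m.group(1).lower() not in ALLOWED_SORT_COLUMNS:
        raise BadRequest("sort column not allowed")
    return off, lim, m.group(1).lower(), (m.group(2) or "asc").upper()


def build_query_hardened(table, offset, limit, sort):
    """Allow-listed ORDER BY, bounded integers, numbers passed as bind values."""
    off, lim, col, direction = parse_page_params(offset, limit, sort)
    return f"SELECT * FROM {table} ORDER BY {col} {direction} LIMIT ? OFFSET ?", (lim, off)


def hardened_accepts(offset, limit, sort):
    """True if the hardened builder accepts the parameters, False if it rejects them."""
    try:
        build_query_hardened("book_content", offset, limit, sort)
        return True
    except BadRequest:
        return False


def make_demo_db():
    """Constructed in-memory sample: a content table plus a users table to leak from."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE book_content (id INTEGER, create_time TEXT, content TEXT)")
    conn.executemany("INSERT INTO book_content VALUES (?, ?, ?)",
                     [(i, f"2024-01-0{i}", f"chapter {i}") for i in range(1, 6)])
    conn.execute("CREATE TABLE sys_user (id INTEGER, password TEXT)")
    conn.execute("INSERT INTO sys_user VALUES (1, 'hunter2')")  # constructed value
    return conn


def infer_first_char_vulnerable(conn, guess):
    """Boolean inference through ORDER BY: the row order leaks one bit per request."""
    sort = (f"(CASE WHEN (SELECT substr(password, 1, 1) FROM sys_user) = '{guess}' "
            f"THEN id ELSE -id END)")
    ids = [row[0] for row in conn.execute(build_query_vulnerable("book_content", "0", "5", sort))]
    return ids == sorted(ids)  # ascending only when the guess was right


if __name__ == "__main__":
    db = make_demo_db()
    print("guess 'h' correct:", infer_first_char_vulnerable(db, "h"))
    print("guess 'x' correct:", infer_first_char_vulnerable(db, "x"))
    print("hardened accepts payload:", hardened_accepts("0", "5", "id; DROP TABLE sys_user"))
```

The allow-list is the important part: escaping or quoting does nothing for an identifier position, and a regex that merely checks for "suspicious characters" still lets a bare column name through, so the check must compare against the columns the endpoint is meant to sort by. In a MyBatis/PageHelper-style Java stack the same validation belongs in the controller or a shared paging helper before the sort string reaches the mapper.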
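CVE-2024-24024 describes the other recurring bug class on this page: a download handler that joins request-controlled filePath and fileName values onto a base directory without checking where the result lands. The Python example below is added here to show that pattern beside a containment check; it is not Novel-Plus code, and the directory layout, file names and base directory are constructed for illustration. The vulnerable resolver uses a plain path join, which both honours "../" segments and, because of how os.path.join treats absolute components, silently discards the base directory when filePath is absolute. The hardened resolver canonicalises the joined path (following symlinks) and only serves it if it is an ordinary file under the base directory.

```python
"""Vulnerable vs. hardened resolution of a download path built from request input.

Added example, not Novel-Plus code. The vulnerable resolver mirrors the pattern
the CVE-2024-24024 description implies (filePath and fileName joined onto a base
directory without validation); directory and file names are constructed for
illustration.
"""
import os
import tempfile
from pathlib import Path


class BadRequest(ValueError):
    """Raised when the requested path is not an ordinary file under the base directory."""


def resolve_download_vulnerable(base_dir, file_path, file_name):
    # os.path.join silently discards base_dir when file_path is absolute, and
    # "../" segments in either parameter walk out of base_dir.
    return os.path.join(base_dir, file_path, file_name)


def resolve_download_hardened(base_dir, file_path, file_name):
    """Canonicalise, then require the result to be a regular file under base_dir."""
    if not file_name or Path(file_name).name != file_name:
        raise BadRequest("fileName must be a bare file name")
    base = Path(base_dir).resolve()
    target = (base / file_path / file_name).resolve()  # resolve() also follows symlinks
    try:
        target.relative_to(base)  # raises ValueError when target is outside base
    except ValueError:
        raise BadRequest("path escapes the download directory")
    if not target.is_file():
        raise BadRequest("no such file")
    return target


def hardened_rejects(base_dir, file_path, file_name):
    """True if the hardened resolver refuses the request."""
    try:
        resolve_download_hardened(base_dir, file_path, file_name)
        return False
    except BadRequest:
        return True


def vulnerable_reads_outside(base_dir, file_path, file_name):
    """True when the vulnerable resolver lands on an existing file outside base_dir."""
    p = Path(resolve_download_vulnerable(base_dir, file_path, file_name)).resolve()
    return p.is_file() and Path(base_dir).resolve() not in p.parents


def make_demo_tree():
    """Constructed layout: <root>/uploads/cover.jpg inside, <root>/secret.txt outside."""
    root = Path(tempfile.mkdtemp()).resolve()
    base = root / "uploads"
    base.mkdir()
    (base / "cover.jpg").write_bytes(b"\xff\xd8\xff constructed sample")
    (root / "secret.txt").write_text("constructed secret")
    return root, base


if __name__ == "__main__":
    root, base = make_demo_tree()
    print("vulnerable reaches secret.txt:", vulnerable_reads_outside(str(base), "../", "secret.txt"))
    print("vulnerable with absolute filePath:", resolve_download_vulnerable(str(base), "/etc", "passwd"))
    print("hardened rejects traversal:", hardened_rejects(str(base), "../", "secret.txt"))
    print("hardened serves cover.jpg:", resolve_download_hardened(str(base), "", "cover.jpg"))
```

Checking for the literal string "../" in the parameters is not a substitute for this: URL-encoded variants, absolute paths and symlinks inside the upload directory all bypass a substring filter, whereas comparing the canonical path against the canonical base catches every one of them. The same containment check applies to the crafted filename in the two upload records (CVE-2024-24025, CVE-2024-24026), where the name decides where the uploaded bytes are written.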