CVE-2023-1594

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-1594

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-1594.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-1594

Published

2023-03-23T10:15:12.330Z

Modified

2025-11-15T05:45:20.957297Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A vulnerability, which was classified as critical, was found in novel-plus 3.6.2. Affected is the function MenuService of the file sys/menu/list. The manipulation of the argument sort leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-223662 is the identifier assigned to this vulnerability.

References

Affected packages

Git / github.com/201206030/novel-plus

Affected ranges

Type: GIT
Repo: https://github.com/201206030/novel-plus
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

5d70e440211db0ead5b319678f0157c50002d0c7

Affected versions

v1.*

v1.0.0

v1.1.0

v1.1.1

v2.*

v2.0.0

v2.0.2

v2.1.2

v2.5.0

v2.6.0

v2.8.0

v3.*

v3.0.2

v3.1.0

v3.3.0

v3.5.0

v3.5.1

v3.5.3

v3.5.4

v3.6.0

v3.6.1

v3.6.2

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-1594.json"