{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-07-02T01:05:11.446","vulnerabilities":[{"cve":{"id":"CVE-2023-1607","sourceIdentifier":"cna@vuldb.com","published":"2023-03-23T20:15:14.570","lastModified":"2026-06-17T05:28:21.280","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was found in novel-plus 3.6.2. It has been classified as critical. This affects an unknown part of the file /common/sysFile/list. The manipulation of the argument sort leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-223737 was assigned to this vulnerability."},{"lang":"es","value":"Se encontró una vulnerabilidad en novel-plus 3.6.2. Se ha clasificado como crítico. Esto afecta a una parte desconocida del archivo /common/sysFile/list. La manipulación del argumento sort conduce a la inyección sql. Es posible iniciar el ataque de forma remota. El exploit ha sido divulgado al público y puede ser utilizado. El identificador VDB-223737 se asignó a esta vulnerabilidad."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"n/a","product":"novel-plus","versions":[{"version":"3.6.2","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.2,"impactScore":3.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:M/C:P/I:P/A:P","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"MULTIPLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":6.4,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:xxyopen:novel-plus:3.6.2:*:*:*:*:*:*:*","matchCriteriaId":"E8784DC3-1BFE-4C21-B764-13F6C7CC28BC"}]}]}],"references":[{"url":"https://github.com/1610349395/novel-plus-v3.6.2----SQL-Injection-Vulnerability-/blob/main/novel-plus%20v3.6.2%20--%20%20SQL%20Injection%20Vulnerability%20.md","source":"cna@vuldb.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://vuldb.com/?ctiid.223737","source":"cna@vuldb.com","tags":["Third Party Advisory"]},{"url":"https://vuldb.com/?id.223737","source":"cna@vuldb.com","tags":["Third Party Advisory"]},{"url":"https://github.com/1610349395/novel-plus-v3.6.2----SQL-Injection-Vulnerability-/blob/main/novel-plus%20v3.6.2%20--%20%20SQL%20Injection%20Vulnerability%20.md","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://vuldb.com/?ctiid.223737","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://vuldb.com/?id.223737","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}