Vulnerabilities > Xxyopen > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-02-08 CVE-2024-24014 SQL Injection vulnerability in Xxyopen Novel-Plus
A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions.
network
low complexity
xxyopen CWE-89
critical
 9.8
9.8
2024-02-08 CVE-2024-24017 SQL Injection vulnerability in Xxyopen Novel-Plus
A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions.
network
low complexity
xxyopen CWE-89
critical
 9.8
9.8
2024-02-08 CVE-2024-24021 SQL Injection vulnerability in Xxyopen Novel-Plus
A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior.
network
low complexity
xxyopen CWE-89
critical
 9.8
9.8
2024-02-08 CVE-2024-24018 SQL Injection vulnerability in Xxyopen Novel-Plus
A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions.
network
low complexity
xxyopen CWE-89
critical
 9.8
9.8
2024-02-08 CVE-2024-24023 SQL Injection vulnerability in Xxyopen Novel-Plus
A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior.
network
low complexity
xxyopen CWE-89
critical
 9.8
9.8
2024-02-08 CVE-2024-24024 Unrestricted Upload of File with Dangerous Type vulnerability in Xxyopen Novel-Plus
An arbitrary File download vulnerability exists in Novel-Plus v4.3.0-RC1 and prior at com.java2nb.common.controller.FileController: fileDownload().
network
low complexity
xxyopen CWE-434
critical
 9.8
9.8
2024-02-08 CVE-2024-24025 Unrestricted Upload of File with Dangerous Type vulnerability in Xxyopen Novel-Plus
An arbitrary File upload vulnerability exists in Novel-Plus v4.3.0-RC1 and prior at com.java2nb.common.controller.FileController: upload().
network
low complexity
xxyopen CWE-434
critical
 9.8
9.8
2024-02-08 CVE-2024-24026 Unrestricted Upload of File with Dangerous Type vulnerability in Xxyopen Novel-Plus
An arbitrary File upload vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions at com.java2nb.system.controller.SysUserController: uploadImg().
network
low complexity
xxyopen CWE-434
critical
 9.8
9.8
2024-02-07 CVE-2024-24019 SQL Injection vulnerability in Xxyopen Novel-Plus
A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions.
network
low complexity
xxyopen CWE-89
critical
 9.8
9.8
2024-02-06 CVE-2024-24013 SQL Injection vulnerability in Xxyopen Novel-Plus
A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions.
network
low complexity
xxyopen CWE-89
critical
 9.8
9.8