CVE-2025-3856 – Xxyopen Novel-Plus SQL Injection Vulnerability

April 21, 2025

CVE ID : CVE-2025-3856

Published : April 22, 2025, 1:15 a.m. | 1 hour, 21 minutes ago

Description : A vulnerability was found in xxyopen Novel-Plus 5.1.0. It has been classified as critical. This affects the function searchByPage of the file /book/searchByPage. The manipulation of the argument sort leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleI got my hands on the redesigned successor to 2024’s best gaming laptop for most people — I’m confident that I’m going to love it, but there is ONE downside

Next Article CVE-2025-3854 – H3C GR-3000AX HTTP POST Request Handler Buffer Overflow Vulnerability

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

AI is currently in its teenage years, battling raging hormones

4 ways your organization can adapt and thrive in the age of AI

Google’s new Search tool turns financial info into interactive charts – how to try it

This rugged Android phone has something I’ve never seen on competing models

Anthropic’s new AI models for classified info are already in use by US gov

Handling PostgreSQL Migrations in Node.js

Handling PostgreSQL Migrations in Node.js

How to Add Product Badges in Optimizely Configured Commerce Spire

Salesforce Health Check Assessment Unlocks ROI

Microsoft: Run PS script now if you deleted “inetpub” on Windows 11, Windows 10

Microsoft: Run PS script now if you deleted “inetpub” on Windows 11, Windows 10

Spf Permerror Troubleshooting Guide For Better Email Deliverability Today

Amap – Gather Info in Easy Way

CVE-2025-3856 – Xxyopen Novel-Plus SQL Injection Vulnerability

Leadership, Trust, and Cyber Hygiene: NCSC’s Guide to Security Culture in Action

Apple’s App Store shaken: Court ends ‘Apple tax’ on external purchases

Age of Empires 2’s largest patch ever is arriving 26 years after the game’s debut

LG’s new projector is also a Bluetooth speaker and a mood lamp

CVE-2025-4305 – Kefaming Mayi Unrestricted File Upload Vulnerability

Transforming News Into Audio Experiences with MongoDB and AI

DeepSeek AI Unveils DeepSeek-V3-0324: Blazing Fast Performance on Mac Studio, Heating Up the Competition with OpenAI

CVE-2025-41646 – Apache Software Type Confusion Authentication Bypass

CVE-2025-42605 – Meon Bidding Solutions Remote Authorization Bypass Vulnerability

CVE-2025-31926 – LambertGroup Sticky Radio Player SQL Injection Vulnerability

CVE-2025-3856 – Xxyopen Novel-Plus SQL Injection Vulnerability

Related Posts