CVE-2025-3856 – Xxyopen Novel-Plus SQL Injection Vulnerability

April 21, 2025

CVE ID : CVE-2025-3856

Published : April 22, 2025, 1:15 a.m. | 1 hour, 21 minutes ago

Description : A vulnerability was found in xxyopen Novel-Plus 5.1.0. It has been classified as critical. This affects the function searchByPage of the file /book/searchByPage. The manipulation of the argument sort leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleI got my hands on the redesigned successor to 2024’s best gaming laptop for most people — I’m confident that I’m going to love it, but there is ONE downside

Next Article CVE-2025-3854 – H3C GR-3000AX HTTP POST Request Handler Buffer Overflow Vulnerability

Node.js vs. Python for Backend: 7 Reasons C-Level Leaders Choose Node.js Talent

Handling JavaScript Event Listeners With Parameters

ChatGPT now has an agent mode

Scrum Alliance and Kanban University partner to offer new course that teaches both methodologies

Is ChatGPT down? You’re not alone. Here’s what OpenAI is saying

I found a tablet that could replace my iPad and Kindle – and it’s worth every penny

The best CRM software with email marketing in 2025: Expert tested and reviewed

This multi-port car charger can power 4 gadgets at once – and it’s surprisingly cheap

Execute Ping Commands and Get Back Structured Data in PHP

Execute Ping Commands and Get Back Structured Data in PHP

The Intersection of Agile and Accessibility – A Series on Designing for Everyone

Zero Trust & Cybersecurity Mesh: Your Org’s Survival Guide

I Made Kitty Terminal Even More Awesome by Using These 15 Customization Tips and Tweaks

I Made Kitty Terminal Even More Awesome by Using These 15 Customization Tips and Tweaks

Microsoft confirms active cyberattacks on SharePoint servers

How to Manually Check & Install Windows 11 Updates (Best Guide)

CVE-2025-3856 – Xxyopen Novel-Plus SQL Injection Vulnerability

UNC6148 Backdoors Fully-Patched SonicWall SMA 100 Series Devices with OVERSTEP Rootkit

3,500 Websites Hijacked to Secretly Mine Crypto Using Stealth JavaScript and WebSocket Tactics

Llama 4 family of models from Meta are now available in SageMaker JumpStart

CVE-2025-53519 – Advantech iView Reflected Cross-Site Scripting (XSS) Vulnerability

CVE-2025-46813 – Discourse Data Leak Vulnerability

38,000+ FreeDrain Subdomains Found Exploiting SEO to Steal Crypto Wallet Seed Phrases

CVE-2025-4752 – D-Link DI-7003GV2 Remote Information Disclosure Vulnerability

Best Cybersecurity Conferences and Events Still to Come in 2025

How Vue Composables Work – Explained with Code Examples

Researchers from Tsinghua and ModelBest Release Ultra-FineWeb: A Trillion-Token Dataset Enhancing LLM Accuracy Across Benchmarks

CVE-2025-3856 – Xxyopen Novel-Plus SQL Injection Vulnerability

Related Posts