CVE-2025-3856 – Xxyopen Novel-Plus SQL Injection Vulnerability

April 21, 2025

CVE ID : CVE-2025-3856

Published : April 22, 2025, 1:15 a.m. | 1 hour, 21 minutes ago

Description : A vulnerability was found in xxyopen Novel-Plus 5.1.0. It has been classified as critical. This affects the function searchByPage of the file /book/searchByPage. The manipulation of the argument sort leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleI got my hands on the redesigned successor to 2024’s best gaming laptop for most people — I’m confident that I’m going to love it, but there is ONE downside

Next Article CVE-2025-3854 – H3C GR-3000AX HTTP POST Request Handler Buffer Overflow Vulnerability

This week in AI updates: Mistral’s new Le Chat features, ChatGPT updates, and more (September 5, 2025)

Designing For TV: Principles, Patterns And Practical Guidance (Part 2)

Neo4j introduces new graph architecture that allows operational and analytics workloads to be run together

Beyond the benchmarks: Understanding the coding personalities of different LLMs

Development Release: KDE Linux 20250906

Hitachi Energy Pledges $1B to Strengthen US Grid, Build Largest Transformer Plant in Virginia

How to debug a web app with Playwright MCP and GitHub Copilot

Between Strategy and Story: Thierry Chopain’s Creative Path

Health Monitoring Android App using SQLite

Health Monitoring Android App using SQLite

Convertedbook – Live LaTeX Preview in the Browser

Why browsers throttle JavaScript timers (and what to do about it)

Speed Isn’t Everything When Buying SSDs – Here’s What Really Matters!

Speed Isn’t Everything When Buying SSDs – Here’s What Really Matters!

14 Themes for Beautifying Your Ghostty Terminal

Development Release: KDE Linux 20250906

CVE-2025-3856 – Xxyopen Novel-Plus SQL Injection Vulnerability

Under lock and key: Safeguarding business data with encryption

Malicious npm Packages Impersonate Flashbots, Steal Ethereum Wallet Keys

Your data’s probably not ready for AI – here’s how to make it trustworthy

Opossum Attack: New Vulnerability Compromises Encrypted TLS Connections, Allowing MitM & Data Injection

BlueHost review: An easy way to get started with web hosting, but mixed performance

CVE-2025-25962 – Uniswap Coresmartcontracts Privilege Escalation

The latest trailer for this highly anticipated indie heading to Xbox Game Pass teaches us how to be a good shopkeeper (while dropping a hot new release window)

Zebra ZD421 Drivers: Download on PC [Windows 10 & 11]

vitorccs/laravel-csv

A Coding Guide to Different Function Calling Methods to Create Real-Time, Tool-Enabled Conversational AI Agents

CVE-2025-3856 – Xxyopen Novel-Plus SQL Injection Vulnerability

Related Posts