CVE-2023-37847 — novel-plus v3.6.2 was discovered to contain a SQL injection vulnerability. | CVE Daily

Critical CVSS 9.8

Overview

novel-plus v3.6.2 was discovered to contain a SQL injection vulnerability.

CWE: CWE-89 Published: 2023-08-14T12:15:09.593

Risk analysis

This vulnerability is rated 🔴 CRITICAL.

CVSS: 9.8 (CRITICAL)
Detected tags: sql (tag impact: MODERATE)

Recommended actions:

Use parameterized queries/ORM (avoid string concatenation).
Add WAF rules and input validation.

Recommended tools

Tags

SQL Injection