A vulnerability was found in novel-plus up to 4.3.0-RC1. It has been rated as critical. Affected by this issue is some unknown functionality of the file /novel/author/list. The manipulation of the argument offset/limit/sort leads to sql injection.
This vulnerability is handled as CVE-2024-24014. Access to the local network is required for this attack. There is no exploit available.