A vulnerability, which was classified as critical, has been found in novel-plus up to 4.3.0-RC1. This issue affects some unknown processing of the file /system/dataPerm/list. The manipulation of the argument offset/limit/sort leads to sql injection.
The identification of this vulnerability is CVE-2024-24018. The attack can only be done within the local network. There is no exploit available.