A vulnerability classified as critical was found in novel-plus up to 4.3.0-RC1. This vulnerability affects unknown code of the file /novel/userFeedback/list. The manipulation of the argument offset/limit/sort leads to sql injection.
This vulnerability was named CVE-2024-24021. The attack needs to be approached within the local network. There is no exploit available.