PT-2025-17980 · Unknown · Novel-Cloud
Fc04Db
Published 2025-04-27 · Updated 2025-04-27
CVE-2025-3956
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
201206030 novel-cloud version 1.4.0
Description
A critical issue has been found that affects the RestResp function in the BookInfoMapper.xml file. This issue leads to SQL injection and can be initiated remotely. The exploit has been publicly disclosed.
Recommendations
For 201206030 novel-cloud version 1.4.0, consider restricting access to the RestResp function in the BookInfoMapper.xml file to minimize the risk of SQL injection exploitation. As a temporary workaround, avoid using the BookInfoMapper.xml file until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.
Exploit
Fix
Special Elements Injection
SQL injection
Related Identifiers
Affected Products
Novel-Cloud