Novel-Plus v3.6.2 was discovered to contain a hard-coded JWT key located in the project config file. This vulnerability allows attackers to create a custom user session.
                
            References
                    | Link | Resource | 
|---|---|
| https://www.mesec.cn/archives/296 | Exploit Third Party Advisory | 
| https://www.mesec.cn/archives/296 | Exploit Third Party Advisory | 
Configurations
                    History
                    No history.
Information
                Published : 2022-09-01 03:15
Updated : 2024-11-21 07:13
NVD link : CVE-2022-36672
Mitre link : CVE-2022-36672
CVE.ORG link : CVE-2022-36672
JSON object : View
Products Affected
                xxyopen
- novel-plus
CWE
                
                    
                        
                        CWE-798
                        
            Use of Hard-coded Credentials
