Due to incorrect usage of the “ORDER BY” clause, there are multiple SQL injection vulnerabilities in novel-plus.