CVE-2024-25722 | QAnything up to 1.1.x mysql_client.py sql injection

Inserito da Angelo Barbosa | Feb 11, 2024 | CVE

A vulnerability was found in QAnything up to 1.1.x. It has been rated as critical. This issue affects some unknown processing of the file qanything_kernel/connector/database/mysql/mysql_client.py. The manipulation leads to sql injection.

The identification of this vulnerability is CVE-2024-25722. The attack needs to be done within the local network. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-25722 | QAnything up to 1.1.x mysql_client.py sql injection

Post correlati

CVE-2024-37635 | TOTOLINK TOTOLINK A3700R 9.1.2u.6165_20211012 setWiFiBasicCfg ssid stack-based overflow

CVE-2024-30238 | Contest Gallery Plugin up to 21.3.2 on WordPress sql injection

CVE-2024-1069 | Contact Form Entries Plugin up to 1.3.2 on WordPress unrestricted upload

CVE-2023-41505 | Student Enrollment 1.0 Profile Picture unrestricted upload