A vulnerability was found in QAnything up to 1.1.x. It has been rated as critical. This issue affects some unknown processing of the file qanything_kernel/connector/database/mysql/mysql_client.py. The manipulation leads to sql injection.
The identification of this vulnerability is CVE-2024-25722. The attack needs to be done within the local network. There is no exploit available.
It is recommended to upgrade the affected component.