A vulnerability, which was classified as critical, has been found in netease-youdao QAnything up to 1.4.1. This issue affects the function
get_knowledge_base_name/from_status_to_status/delete_files/get_file_by_status
. The manipulation leads to sql injection.
The identification of this vulnerability is CVE-2024-7099. The attack may be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.