CVE-2024-7099 | netease-youdao QAnything up to 1.4.1 sql injection

Posted by Angelo Barbosa | Oct 14, 2024 | CVE

A vulnerability, which was classified as critical, has been found in netease-youdao QAnything up to 1.4.1. This issue affects the function get_knowledge_base_name/from_status_to_status/delete_files/get_file_by_status. The manipulation leads to sql injection.

The identification of this vulnerability is CVE-2024-7099. The attack may be initiated remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-7099 | netease-youdao QAnything up to 1.4.1 sql injection

Related Posts

CVE-2024-1960 | ShopLentor Plugin up to 2.8.1 on WordPress Banner Link cross site scripting

CVE-2024-39877 | Apache Airflow up to 2.9.2 Scheduler doc_md Privilege Escalation

CVE-2024-35527 | PTY FarCry Core framework up to 7.2.13 /fileupload/upload.cfm unrestricted upload

CVE-2024-31857 | WPMU Forminator Plugin up to 1.15.3 on WordPress cross site scripting