Vulnerability Information
Vulnerability Title
SQL Injection in netease-youdao/qanything
Vulnerability Description
netease-youdao/qanything version 1.4.1 contains a vulnerability where unsafe data obtained from user input is concatenated in SQL queries, leading to SQL injection. The affected functions include `get_knowledge_base_name`, `from_status_to_status`, `delete_files`, and `get_file_by_status`. An attacker can exploit this vulnerability to execute arbitrary SQL queries, potentially stealing information from the database. The issue is fixed in version 1.4.2.
CVSS Information
N/A
Vulnerability Type
Improper neutralization of special elements used in an SQL command (SQL injection)
Vulnerability Title
NetEase QAnything SQL injection vulnerability
Vulnerability Description
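NetEase QAnything is a local knowledge-base question-answering system from the Chinese company NetEase, designed to support files in any format and databases; it can be installed and used offline. NetEase QAnything version 1.4.1 contains an SQL injection vulnerability, which arises because unsafe data obtained from user input is concatenated into SQL queries, leading to SQL injection.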
CVSS Information
N/A
Vulnerability Type
N/A