CVE-2024-7099 SQL Injection in netease-youdao/qanything
netease-youdao/qanything version 1.4.1 contains a vulnerability where unsafe data obtained from user input is concatenated in SQL queries, leading to SQL injection. The affected functions include getknowledgebasename, fromstatustostatus, deletefiles, and getfilebystatus. An attacker can exploit...