CVE-2024-7099

netease-youdao/qanything version 1.4.1 contains a vulnerability where unsafe data obtained from user input is concatenated in SQL queries, leading to SQL injection. The affected functions include `get_knowledge_base_name`, `from_status_to_status`, `delete_files`, and `get_file_by_status`. An attacker can exploit this vulnerability to execute arbitrary SQL queries, potentially stealing information from the database. The issue is fixed in version 1.4.2.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/netease-youdao/qanything/commit/a87354f09d93e95350fb45eb343dc75454387554	Patch
https://huntr.com/bounties/bc98983e-06cc-4a4b-be01-67e5010cb2c1	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:qanything:qanything:1.4.1:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-10-13 21:15

Updated : 2025-07-30 19:44

NVD link : CVE-2024-7099

Mitre link : CVE-2024-7099

CVE.ORG link : CVE-2024-7099

JSON object : View

Products Affected

qanything

qanything

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

{"id": "CVE-2024-7099", "cveTags": [], "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "security@huntr.dev", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2024-10-13T21:15:10.957", "references": [{"url": "https://github.com/netease-youdao/qanything/commit/a87354f09d93e95350fb45eb343dc75454387554", "tags": ["Patch"], "source": "security@huntr.dev"}, {"url": "https://huntr.com/bounties/bc98983e-06cc-4a4b-be01-67e5010cb2c1", "tags": ["Exploit", "Third Party Advisory"], "source": "security@huntr.dev"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security@huntr.dev", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "netease-youdao/qanything version 1.4.1 contains a vulnerability where unsafe data obtained from user input is concatenated in SQL queries, leading to SQL injection. The affected functions include `get_knowledge_base_name`, `from_status_to_status`, `delete_files`, and `get_file_by_status`. An attacker can exploit this vulnerability to execute arbitrary SQL queries, potentially stealing information from the database. The issue is fixed in version 1.4.2."}, {"lang": "es", "value": "La versi\u00f3n 1.4.1 de netease-youdao/qanything contiene una vulnerabilidad en la que los datos no seguros obtenidos de la entrada del usuario se concatenan en consultas SQL, lo que provoca una inyecci\u00f3n SQL. Las funciones afectadas incluyen `get_knowledge_base_name`, `from_status_to_status`, `delete_files` y `get_file_by_status`. Un atacante puede aprovechar esta vulnerabilidad para ejecutar consultas SQL arbitrarias, lo que podr\u00eda robar informaci\u00f3n de la base de datos. El problema se solucion\u00f3 en la versi\u00f3n 1.4.2."}], "lastModified": "2025-07-30T19:44:27.253", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:qanything:qanything:1.4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4453A77F-238C-41BB-AE50-CAA324E5709B"}], "operator": "OR"}]}], "sourceIdentifier": "security@huntr.dev"}