ГлавнаяУязвимости → CVE-2024-12866
7.5высокая

CVE-2024-12866

Описание

A local file inclusion vulnerability exists in netease-youdao/qanything version v2.0.0. This vulnerability allows an attacker to read arbitrary files on the file system, which can lead to remote code execution by retrieving private SSH keys, reading private files, source code, and configuration files.

Затрагиваемое ПО
Youdao Qanything
CVSS
Балл7.5 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Источники
https://huntr.com/bounties/c23da7c7-a226-40a2-83db-6a8ab1b2ef64