Unrated severityNVD Advisory· Published Mar 20, 2025· Updated Mar 20, 2025

Local File Inclusion in netease-youdao/qanything

CVE-2024-12866

Description

A local file inclusion vulnerability exists in netease-youdao/qanything version v2.0.0. This vulnerability allows an attacker to read arbitrary files on the file system, which can lead to remote code execution by retrieving private SSH keys, reading private files, source code, and configuration files.

Affected products

Netease Youdao/Netease Youdao/qanythingv5
Range: unspecified

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

huntr.com/bounties/c23da7c7-a226-40a2-83db-6a8ab1b2ef64mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000