CVE Catalog

CVE-2024-50942

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.50%

39th percentile - higher than 39% of all known CVEs

Summary

A SQL injection vulnerability was discovered in qiwen-file version 1.4.0 within the /mapper/NoticeMapper.xml component. Attackers can exploit this flaw to execute unauthorized database queries.

Risk Assessment

The risk includes potential leakage of sensitive data, modification or deletion of database information, which could compromise system confidentiality and integrity.

Recommendation

It is recommended to immediately update qiwen-file to the latest version and apply proper SQL injection prevention measures, such as parameterized queries.

Original NVD description (English source)

qiwen-file v1.4.0 was discovered to contain a SQL injection vulnerability via the component /mapper/NoticeMapper.xml.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS