Eric-E

#22226 of 53,624
10.2 Total CVSS
Vulnerabilities · 2
Low: 1
Medium: 1
PT-2026-42885
6.5
2026-05-23
Quantumnous · New Api · CVE-2026-9305
**Name of the Vulnerable Software and Affected Versions**
QuantumNous new-api versions prior to 0.12.2

**Description**
A SQL injection flaw exists in the 'self' Endpoint within the `model/topup.go` file. The issue is located in the `SearchUserTopUps()` and `SearchAllTopUps()` functions, allowing a remote attacker to manipulate queries via SQL injection, which is a technique where malicious SQL statements are inserted into entry fields for execution.

**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2026-42886
3.7
2026-05-23
Quantumnous · New Api · CVE-2026-9306
**Name of the Vulnerable Software and Affected Versions**
QuantumNous new-api versions prior to 0.12.2

**Description**
An issue in the Midjourney Image Relay Endpoint component, specifically within the `RelayMidjourneyImage/GetByOnlyMJId()` function located in the `router/relay-router.go` file, allows for a remote authorization bypass. This bypass occurs through manipulation of the function, although the attack is characterized by high complexity and difficult exploitability.

**Recommendations**
Update to a version later than 0.12.1. As a temporary workaround, restrict access to the `RelayMidjourneyImage/GetByOnlyMJId()` function to minimize the risk of exploitation.