Xixihahaliu

**Name of the Vulnerable Software and Affected Versions** QAnything versions prior to 1.2.0 **Description** The issue allows SQL Injection in the qanything kernel/connector/database/mysql/mysql client.py module. **Recommendations** For versions prior to 1.2.0, update to version 1.2.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the mysql client.py module to minimize the risk of exploitation. Avoid using user-supplied input in SQL queries until the issue is resolved.