Submit #778268: Sinaptik AI PandasAI <= 0.1.4 SQL Injection (CWE-89)info

TitelSinaptik AI PandasAI <= 0.1.4 SQL Injection (CWE-89)
Beschreibung# Technical Details A SQL Injection vulnerability exists in the pandasai-lancedb extension (`extensions/ee/vectorstores/lancedb/pandasai_lancedb/lancedb.py`) of Sinaptik AI PandasAI. Multiple methods construct database filtering expressions using Python f-strings, directly embedding user-provided id values into WHERE clauses without sanitization or parameterization. Since LanceDB uses DuckDB for SQL predicate evaluation, an attacker can inject "x' OR 1=1 --" to match all rows, enabling mass data destruction. # Vulnerable Code File: extensions/ee/vectorstores/lancedb/pandasai_lancedb/lancedb.py (lines 228-230, 232-235, 197-202, 217-222, 271-278, 284-291) Methods: delete_question_and_answers(), delete_docs(), update_question_answer(), update_docs(), get_relevant_question_answers_by_id(), get_relevant_docs_by_id() Why: All use f"id = '{id}'" pattern — self._qa_table.delete(f"id = '{id}'") allows SQL injection when id contains single quotes. # Reproduction 1. Application exposes PandasAI vector store deletion endpoint. 2. Send: POST /api/training/delete with {"ids": ["x' OR 1=1 --"]} 3. Query becomes: id = 'x' OR 1=1 --' — evaluates TRUE for all rows. 4. Entire pandasai-qa or pandasai-docs table is wiped. # Impact - Mass data destruction of AI training context (RAG database). - Denial of Service: AI agent loses ability to retrieve correct information. - Potential data exfiltration via read methods.
Quelle⚠️ https://gist.github.com/YLChen-007/e33f76941234bed3824181ed252bd09f
Benutzer
 Eric-b (UID 96354)
Einreichung12.03.2026 02:54 (vor 19 Tagen)
Moderieren27.03.2026 14:48 (15 days later)
StatusAkzeptiert
VulDB Eintrag353883 [Sinaptik AI PandasAI bis 0.1.4 pandasai-lancedb Extension lancedb.py SQL Injection]
Punkte20

ZurückÜbersichtWeiter

Interested in the pricing of exploits?

See the underground prices here!