| タイトル | Sinaptik AI PandasAI <= 0.1.4 SQL Injection (CWE-89) |
|---|
| 説明 | # Technical Details
A SQL Injection vulnerability exists in the pandasai-lancedb extension (`extensions/ee/vectorstores/lancedb/pandasai_lancedb/lancedb.py`) of Sinaptik AI PandasAI.
Multiple methods construct database filtering expressions using Python f-strings, directly embedding user-provided id values into WHERE clauses without sanitization or parameterization. Since LanceDB uses DuckDB for SQL predicate evaluation, an attacker can inject "x' OR 1=1 --" to match all rows, enabling mass data destruction.
# Vulnerable Code
File: extensions/ee/vectorstores/lancedb/pandasai_lancedb/lancedb.py (lines 228-230, 232-235, 197-202, 217-222, 271-278, 284-291)
Methods: delete_question_and_answers(), delete_docs(), update_question_answer(), update_docs(), get_relevant_question_answers_by_id(), get_relevant_docs_by_id()
Why: All use f"id = '{id}'" pattern — self._qa_table.delete(f"id = '{id}'") allows SQL injection when id contains single quotes.
# Reproduction
1. Application exposes PandasAI vector store deletion endpoint.
2. Send: POST /api/training/delete with {"ids": ["x' OR 1=1 --"]}
3. Query becomes: id = 'x' OR 1=1 --' — evaluates TRUE for all rows.
4. Entire pandasai-qa or pandasai-docs table is wiped.
# Impact
- Mass data destruction of AI training context (RAG database).
- Denial of Service: AI agent loses ability to retrieve correct information.
- Potential data exfiltration via read methods. |
|---|
| ソース | ⚠️ https://gist.github.com/YLChen-007/e33f76941234bed3824181ed252bd09f |
|---|
| ユーザー | Eric-b (UID 96354) |
|---|
| 送信 | 2026年03月12日 02:54 (18 日 ago) |
|---|
| モデレーション | 2026年03月27日 14:48 (15 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 353883 [Sinaptik AI PandasAI 迄 0.1.4 pandasai-lancedb Extension lancedb.py SQLインジェクション] |
|---|
| ポイント | 20 |
|---|