| Field | Value |
|---|---|
| Title | Sinaptik AI PandasAI <= 0.1.4 SQL Injection (CWE-89) |

# Description

## Technical Details
A SQL Injection vulnerability exists in the pandasai-lancedb extension (`extensions/ee/vectorstores/lancedb/pandasai_lancedb/lancedb.py`) of Sinaptik AI PandasAI.
Multiple methods construct database filtering expressions using Python f-strings, embedding user-provided id values directly into WHERE clauses without sanitization or parameterization. Because LanceDB evaluates these predicates with DuckDB's SQL engine, an attacker can inject `"x' OR 1=1 --"` to match all rows, enabling mass data destruction.
## Vulnerable Code
File: `extensions/ee/vectorstores/lancedb/pandasai_lancedb/lancedb.py` (lines 228-230, 232-235, 197-202, 217-222, 271-278, 284-291)
Methods: `delete_question_and_answers()`, `delete_docs()`, `update_question_answer()`, `update_docs()`, `get_relevant_question_answers_by_id()`, `get_relevant_docs_by_id()`
Why: all of them build the predicate with the pattern `f"id = '{id}'"`, for example `self._qa_table.delete(f"id = '{id}'")`, so an id containing a single quote closes the string literal and the remainder is parsed as SQL.
## Reproduction
1. The application exposes the PandasAI vector store deletion endpoint.
2. Send: `POST /api/training/delete` with `{"ids": ["x' OR 1=1 --"]}`
3. The predicate becomes `id = 'x' OR 1=1 --'`, which evaluates to TRUE for every row.
4. The entire `pandasai-qa` or `pandasai-docs` table is wiped.
## Impact
- Mass data destruction of AI training context (RAG database).
- Denial of Service: the AI agent loses the ability to retrieve correct information.
- Potential data exfiltration via the read methods.
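An added example, not code from the PandasAI project, placing the f-string predicate pattern the advisory describes beside a hardened builder: every id must match an allow-list pattern (assumed here, since the advisory does not state PandasAI's id format) and is rendered as a properly escaped SQL string literal. The names `vulnerable_filter`, `quote_literal`, `validate_id`, `hardened_id_filter` and `accepts_ids` are hypothetical.

```python
import re
from typing import Iterable

# Assumption: vector-store row ids are opaque identifiers (UUID-like),
# never free text, so a tight allow-list is appropriate.
_ID_PATTERN = re.compile(r"^[A-Za-z0-9_.:-]{1,128}$")


def vulnerable_filter(id_value: str) -> str:
    """The pattern the advisory describes: the id is pasted straight into the
    predicate, so a single quote inside it terminates the literal and whatever
    follows is parsed as SQL by DuckDB."""
    return f"id = '{id_value}'"


def quote_literal(value: str) -> str:
    """Render a Python string as one SQL string literal. Doubling embedded
    single quotes is the standard SQL escaping DuckDB accepts, so the whole
    value stays inside a single literal whatever it contains."""
    return "'" + value.replace("'", "''") + "'"


def validate_id(id_value: object) -> str:
    """Reject anything that is not a plain identifier (defence in depth on
    top of escaping; a quote or space never reaches the predicate)."""
    if not isinstance(id_value, str) or not _ID_PATTERN.fullmatch(id_value):
        raise ValueError(f"rejected id: {id_value!r}")
    return id_value


def hardened_id_filter(ids: Iterable[str]) -> str:
    """Build an `id IN (...)` predicate for a batch of ids. An empty batch
    is an error rather than a filter that silently matches every row."""
    ids = list(ids)
    if not ids:
        raise ValueError("no ids supplied")
    return "id IN (" + ", ".join(quote_literal(validate_id(i)) for i in ids) + ")"


def accepts_ids(ids: Iterable[str]) -> bool:
    """Convenience for tests: True if the hardened builder accepts the batch."""
    try:
        hardened_id_filter(ids)
        return True
    except ValueError:
        return False
```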
| Field | Value |
|---|---|
| Source | ⚠️ https://gist.github.com/YLChen-007/e33f76941234bed3824181ed252bd09f |
| User | Eric-b (UID 96354) |
| Submitted | 2026-03-12 02:54 AM (18 days ago) |
| Moderation | 2026-03-27 02:48 PM (15 days later) |
| Status | Accepted |
| VulDB entry | 353883 [Sinaptik AI PandasAI up to 0.1.4 pandasai-lancedb Extension lancedb.py SQL Injection] |
| Points | 20 |