| Название | Sinaptik AI PandasAI <= 0.1.4 SQL Injection (CWE-89) |
|---|
| Описание | # Technical Details
A SQL Injection vulnerability exists in the pandasai-lancedb extension (`extensions/ee/vectorstores/lancedb/pandasai_lancedb/lancedb.py`) of Sinaptik AI PandasAI.
Multiple methods construct database filtering expressions using Python f-strings, directly embedding user-provided id values into WHERE clauses without sanitization or parameterization. Since LanceDB uses DuckDB for SQL predicate evaluation, an attacker can inject "x' OR 1=1 --" to match all rows, enabling mass data destruction.
# Vulnerable Code
File: extensions/ee/vectorstores/lancedb/pandasai_lancedb/lancedb.py (lines 228-230, 232-235, 197-202, 217-222, 271-278, 284-291)
Methods: delete_question_and_answers(), delete_docs(), update_question_answer(), update_docs(), get_relevant_question_answers_by_id(), get_relevant_docs_by_id()
Why: All use f"id = '{id}'" pattern — self._qa_table.delete(f"id = '{id}'") allows SQL injection when id contains single quotes.
# Reproduction
1. Application exposes PandasAI vector store deletion endpoint.
2. Send: POST /api/training/delete with {"ids": ["x' OR 1=1 --"]}
3. Query becomes: id = 'x' OR 1=1 --' — evaluates TRUE for all rows.
4. Entire pandasai-qa or pandasai-docs table is wiped.
# Impact
- Mass data destruction of AI training context (RAG database).
- Denial of Service: AI agent loses ability to retrieve correct information.
- Potential data exfiltration via read methods. |
|---|
| Источник | ⚠️ https://gist.github.com/YLChen-007/e33f76941234bed3824181ed252bd09f |
|---|
| Пользователь | Eric-b (UID 96354) |
|---|
| Представление | 12.03.2026 02:54 (19 дни назад) |
|---|
| Модерация | 27.03.2026 14:48 (15 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 353883 [Sinaptik AI PandasAI до 0.1.4 pandasai-lancedb Extension lancedb.py SQL-инъекция] |
|---|
| Баллы | 20 |
|---|