| 标题 | Sinaptik AI PandasAI <= 0.1.4 SQL Injection (CWE-89) |
|---|
| 描述 | # Technical Details
A SQL Injection vulnerability exists in the pandasai-lancedb extension (`extensions/ee/vectorstores/lancedb/pandasai_lancedb/lancedb.py`) of Sinaptik AI PandasAI.
Multiple methods construct database filtering expressions using Python f-strings, directly embedding user-provided id values into WHERE clauses without sanitization or parameterization. Since LanceDB uses DuckDB for SQL predicate evaluation, an attacker can inject "x' OR 1=1 --" to match all rows, enabling mass data destruction.
# Vulnerable Code
File: extensions/ee/vectorstores/lancedb/pandasai_lancedb/lancedb.py (lines 228-230, 232-235, 197-202, 217-222, 271-278, 284-291)
Methods: delete_question_and_answers(), delete_docs(), update_question_answer(), update_docs(), get_relevant_question_answers_by_id(), get_relevant_docs_by_id()
Why: All use f"id = '{id}'" pattern — self._qa_table.delete(f"id = '{id}'") allows SQL injection when id contains single quotes.
# Reproduction
1. Application exposes PandasAI vector store deletion endpoint.
2. Send: POST /api/training/delete with {"ids": ["x' OR 1=1 --"]}
3. Query becomes: id = 'x' OR 1=1 --' — evaluates TRUE for all rows.
4. Entire pandasai-qa or pandasai-docs table is wiped.
# Impact
- Mass data destruction of AI training context (RAG database).
- Denial of Service: AI agent loses ability to retrieve correct information.
- Potential data exfiltration via read methods. |
|---|
| 来源 | ⚠️ https://gist.github.com/YLChen-007/e33f76941234bed3824181ed252bd09f |
|---|
| 用户 | Eric-b (UID 96354) |
|---|
| 提交 | 2026-03-12 02時54分 (18 日前) |
|---|
| 管理 | 2026-03-27 14時48分 (15 days later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 353883 [Sinaptik AI PandasAI 直到 0.1.4 pandasai-lancedb Extension lancedb.py SQL注入] |
|---|
| 积分 | 20 |
|---|