Passer-W

**Name of the Vulnerable Software and Affected Versions** WeKnora versions prior to 0.2.5 **Description** WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Insufficient backend validation allows attackers to bypass query restrictions and obtain sensitive information from the target server and database when the Agent service is enabled. Specifically, prompt-based bypass techniques can be used to exploit this issue. The vulnerability stems from inadequate validation within the `validateAndSecureSQL()` function (lines 249–373 in `/internal/agent/tools/database query.go`) and the use of raw SQL execution without parameterized queries in the `Execute()` function (line 158 in `/internal/agent/tools/database query.go`). The vulnerable code does not adequately validate dangerous built-in PostgreSQL functions and fails to account for comments that can be used to bypass detection. An attacker can leverage this to execute unauthorized database queries via the `POST /api/v1/agent-chat/{session id}` API endpoint, potentially enumerating PostgreSQL server files and accessing data from other tenants. The variable `session id` is part of the vulnerable API endpoint. **Recommendations** Update WeKnora to version 0.2.5 or later.