PraisonAI Second-Order SQL Injection Vulnerability in get_all_user_threads Function

Vulnerability

A second-order SQL injection vulnerability has been identified in PraisonAI versions prior to 4.5.90. The issue arises in the get_all_user_threads function, which constructs SQL queries using f-strings with unescaped thread IDs retrieved from the database. An attacker can exploit this by injecting a malicious thread ID through the update_thread function. When the application retrieves the thread list, the injected payload is executed, potentially granting the attacker full access to the database.

Impact

Exploitation of this vulnerability leads to a complete compromise of the database. This includes unauthorized access to sensitive information such as user emails, session tokens, and API keys, as well as all conversation histories. Additionally, an attacker could modify or delete database contents.

Reproduction

To reproduce this vulnerability, first, as a user, update a thread with a valid thread ID. Then, update another thread, supplying a thread ID that carries the malicious payload. Finally, call the get_all_user_threads function to retrieve the thread list; the stored payload is interpolated into the query and executed, exposing the database contents.
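As an added illustration (not PraisonAI's own code; the schema, table names and the three functions are constructed assumptions modelled on the advisory, with sqlite3 standing in for the real database), the vulnerable f-string lookup beside its parameterised fix. The write path is parameterised, so the stored thread ID only does harm when the read path splices it back into SQL.

```python
import sqlite3


def setup_db():
    """Constructed in-memory schema (an assumption, not PraisonAI's real one)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE thread_index (user_id TEXT, thread_id TEXT);
        CREATE TABLE threads (thread_id TEXT, owner TEXT, title TEXT);
        INSERT INTO threads VALUES ('t-alice', 'alice', 'private notes');
        INSERT INTO threads VALUES ('t-bob', 'bob', 'bob thread');
        INSERT INTO thread_index VALUES ('alice', 't-alice');
        INSERT INTO thread_index VALUES ('bob', 't-bob');
    """)
    return conn


def update_thread(conn, user_id, old_id, new_id):
    # Parameterised, so this write is not itself injectable; it just stores
    # whatever string the caller supplied (the "second-order" payload).
    conn.execute(
        "UPDATE thread_index SET thread_id = ? WHERE user_id = ? AND thread_id = ?",
        (new_id, user_id, old_id),
    )


def get_all_user_threads_vulnerable(conn, user_id):
    # Step 1 is parameterised. Step 2 trusts the ids because they came from
    # the database and interpolates them with an f-string: the advisory's bug.
    ids = [r[0] for r in conn.execute(
        "SELECT thread_id FROM thread_index WHERE user_id = ?", (user_id,))]
    rows = []
    for tid in ids:
        rows += conn.execute(
            f"SELECT thread_id, owner, title FROM threads WHERE thread_id = '{tid}'"
        ).fetchall()
    return rows


def get_all_user_threads_fixed(conn, user_id):
    # Same logic, but every value read back from the database is bound as a
    # parameter, so a stored quote or comment marker is compared as data.
    ids = [r[0] for r in conn.execute(
        "SELECT thread_id FROM thread_index WHERE user_id = ?", (user_id,))]
    rows = []
    for tid in ids:
        rows += conn.execute(
            "SELECT thread_id, owner, title FROM threads WHERE thread_id = ?", (tid,)
        ).fetchall()
    return rows
```

A detection check that catches this class regardless of where the value came from: grep the codebase for `execute(f"` and for `%`/`.format` on SQL strings, since the source of the interpolated value is irrelevant to whether the query is safe.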

Remediation

Users are advised to update PraisonAI to version 4.5.90 or later, where this vulnerability has been patched.

Added: Apr 3, 2026, 11:22 PM
Updated: Apr 3, 2026, 11:22 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 3.1
exploitability: 6.6
remediation: 0.0
relevance: 5.1
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.