PraisonAI SQLite Identifier Injection Vulnerability in SQLiteConversationStore

Vulnerability

An SQL identifier injection vulnerability has been identified in PraisonAI versions prior to 4.5.133. The issue arises in the SQLiteConversationStore component, where the table_prefix configuration value is inserted directly into SQL queries using f-strings, without any validation or sanitization. An attacker who can control the table_prefix value, for example through from_yaml or from_dict configuration inputs, can therefore inject arbitrary SQL fragments that alter the structure of the generated queries. Exploitation could lead to unauthorized access to data, including internal SQLite tables such as sqlite_master, and to manipulation of query results using techniques like UNION-based injection. The root cause is unvalidated configuration input that flows through the application's factory and into SQL query construction, where it can tamper with query execution.

Impact

Successful exploitation allows for SQL identifier injection, manipulation of SQL query results, unauthorized access to internal SQLite schema information, and alteration of query execution semantics, potentially leading to exploitation of other vulnerabilities or unauthorized actions within the application.

Reproduction

The vulnerability can be reproduced by creating a SQLiteConversationStore instance with a malicious table_prefix that includes SQL injection payloads, such as UNION-based injection techniques. This injected prefix will be executed as part of the SQL query, demonstrating the ability to manipulate query results and access unauthorized data.
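The following added example (not PraisonAI's own code) contrasts the f-string pattern described above with a hardened variant that whitelists the configured prefix and quotes it as an identifier, so a prefix carrying quotes, spaces or comment markers is rejected before any query is built. The class name, column layout and 32-character limit are assumptions for illustration.

```python
import re
import sqlite3

# Whitelist for configured identifiers: optional ASCII letters/digits/underscores,
# not starting with a digit. Quotes, spaces, semicolons and "--" never match.
_IDENT_RE = re.compile(r"^(?:[A-Za-z_][A-Za-z0-9_]*)?$")


def unsafe_table_name(table_prefix: str) -> str:
    """The pattern the advisory describes: prefix dropped into SQL via f-string."""
    return f"{table_prefix}conversations"


def safe_table_name(table_prefix: str) -> str:
    """Validate the prefix against the whitelist, then double-quote the resulting
    identifier so SQLite treats it strictly as a table name."""
    if len(table_prefix) > 32 or not _IDENT_RE.fullmatch(table_prefix):
        raise ValueError(f"invalid table_prefix: {table_prefix!r}")
    return f'"{table_prefix}conversations"'


class HardenedConversationStore:
    """Hypothetical in-memory stand-in for SQLiteConversationStore."""

    def __init__(self, table_prefix: str = "praison_") -> None:
        self._table = safe_table_name(table_prefix)  # raises on bad config
        self._conn = sqlite3.connect(":memory:")
        self._conn.execute(
            f"CREATE TABLE IF NOT EXISTS {self._table} "
            "(id INTEGER PRIMARY KEY, role TEXT NOT NULL, content TEXT NOT NULL)"
        )

    def add(self, role: str, content: str) -> None:
        # Row values always travel as bound parameters, never via string formatting.
        self._conn.execute(
            f"INSERT INTO {self._table} (role, content) VALUES (?, ?)", (role, content)
        )

    def messages(self) -> list:
        cur = self._conn.execute(f"SELECT role, content FROM {self._table} ORDER BY id")
        return cur.fetchall()


def prefix_is_accepted(table_prefix: str) -> bool:
    """True if the hardened validator accepts the configured prefix."""
    try:
        safe_table_name(table_prefix)
        return True
    except ValueError:
        return False
```

Configuration loaders (the from_yaml / from_dict paths named above) should call the validator at load time so a bad prefix fails fast instead of reaching the database layer.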

Remediation

Users are advised to update to PraisonAI version 4.5.133 or later, where this vulnerability has been fixed.

Added: Apr 14, 2026, 4:21 AM
Updated: Apr 14, 2026, 4:21 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 3.1
exploitability: 8.0
remediation: 0.0
relevance: 5.8
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.