Vanna.ai Vanna SQL Injection Vulnerability in Versions Through 2.0.2

A SQL injection vulnerability has been identified in Vanna.ai's Vanna application, affecting versions up to 2.0.2. The issue arises in the 'ask' function within 'vanna\legacy\base\base.py', where user-controlled input is used to generate SQL commands that are executed without proper validation. This flaw allows remote attackers to manipulate the output of the language model, leading to unauthorized SQL execution. Given the capabilities of Oracle databases, such exploitation could enable attackers to execute arbitrary commands on the server, potentially compromising the entire system.

Impact

Exploitation of this vulnerability allows for prompt injection that manipulates the language model into generating harmful SQL. In Oracle database environments, this could lead to arbitrary command execution on the database server, with the risk of a complete system takeover.

Reproduction

The vulnerability can be reproduced by using a modified version of Vanna that includes the exploit. After setting up an Oracle database and creating a table, the injected SQL commands can be executed through the Vanna application. The results of these commands can be retrieved from the server, demonstrating the successful exploitation of the vulnerability.