Sinaptik AI PandasAI SQL Injection Vulnerability in pandasai-lancedb Extension

A SQL injection vulnerability has been identified in the Sinaptik AI PandasAI application, specifically in versions up to 0.1.4. The issue resides within the pandasai-lancedb extension, in a file called lancedb.py. Several functions in this file, including delete_question_and_answers, delete_docs, update_question_answer, update_docs, get_relevant_question_answers_by_id, and get_relevant_docs_by_id, are vulnerable because they use Python f-strings to interpolate user-provided IDs directly into SQL query strings without proper sanitization. This flaw allows attackers to manipulate SQL commands, potentially leading to unauthorized data access or deletion.

Impact

Exploitation of this vulnerability allows for mass data destruction, particularly of the AI training context stored in LanceDB, which could degrade the performance of AI applications relying on this data. Additionally, there is a potential for data exfiltration if the application exposes read methods.

Reproduction

To reproduce this vulnerability, an application must be set up that uses the PandasAI framework and exposes an API endpoint for deleting training data. The endpoint should accept a JSON payload containing IDs to delete. When the endpoint is called with a crafted ID that exploits the SQL injection vulnerability, the application will delete all data in the targeted database table, regardless of the specified ID.