PromtEngineer localGPT LLM Prompt Injection Vulnerability

A critical prompt injection vulnerability has been identified in PromtEngineer localGPT versions prior to 4d41c7d1713b16b216d8e062e51a5dd88b20b054. The vulnerability resides in the LLM Prompt Handler component, specifically within the '_route_using_overviews' function of 'backend/server.py'. This issue allows remote attackers to inject malicious instructions that are executed by the Large Language Model, potentially leading to unauthorized information extraction, manipulation of AI responses, and bypassing of routing logic. The vulnerability could be exploited to create persistent prompt poisoning effects, disrupt session management, and facilitate corporate espionage activities.

Impact

Exploitation of this vulnerability allows for unauthorized prompt injection, enabling attackers to manipulate AI responses, extract sensitive information from uploaded documents, and create persistent prompt poisoning effects that impact all users. When combined with other identified vulnerabilities, such as session hijacking, this could lead to significant corporate espionage consequences.

Reproduction

To reproduce this vulnerability, upload sensitive documents into a localGPT session. Then, send a crafted user query that exploits the unsanitized input handling in the '_route_using_overviews' function. The query should include newline characters and override instructions to extract confidential information or manipulate AI responses. This can be done using a simple HTTP POST request to the localGPT server with the malicious payload embedded in the 'message' field.