Zhongyu09 Openchatbi SQL Injection Vulnerability Allowing Arbitrary SQL Execution and Remote Code Execution

A critical SQL injection vulnerability has been identified in Zhongyu09 OpenChatBI versions through 0.2.1. The issue arises in the Multi-stage Text2SQL Workflow component, where user input is processed by several LLM-driven nodes before being executed against the database. This vulnerability allows attackers to inject arbitrary SQL commands that are executed without any validation or sanitization, potentially leading to remote code execution on the database server.

Impact

Exploitation of this vulnerability allows for arbitrary SQL execution, including dangerous database-specific commands that can execute system commands, such as PostgreSQL's 'COPY FROM PROGRAM'. This could lead to remote code execution on the database server. Additionally, the injected SQL could be used to exfiltrate, manipulate, or destroy data, and potentially compromise the entire database server for further attacks.

Reproduction

The vulnerability can be reproduced by crafting a prompt that manipulates the Text2SQL workflow. This involves bypassing validation checks and injecting SQL commands through the keywords argument. Once the malicious SQL is generated, it can be executed directly on the database server, with the output returned to the attacker.

Remediation

No known mitigation is available for this vulnerability.