CVE-2026-34934

PraisonAI · PraisonAI

PraisonAI prior to 4.5.90 is vulnerable to SQL injection in the get_all_user_threads function. Attackers can gain full database access by injecting malicious payloads into thread IDs.

Executive summary

PraisonAI contains a critical SQL injection vulnerability that allows attackers to execute arbitrary database queries and gain full access to sensitive stored data.

Vulnerability

The get_all_user_threads function constructs raw SQL queries using f-strings with unescaped thread IDs. An attacker can store a malicious payload in a thread ID via the update_thread function, which is then executed when the application attempts to load the thread list.
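The pattern described above, as an added illustration that is not PraisonAI's own code: a reconstructed loader that splices stored thread IDs into an SQL string with an f-string, beside a hardened version that validates each ID against an allowlist and binds it as a query parameter. The table name, column names, function names and sample rows are assumptions chosen for the example. Because the advisory describes the payload being stored first (via update_thread) and executed later when the thread list is loaded, the example treats values read back from the database as untrusted, exactly like request input.

```python
import re
import sqlite3

# Constructed in-memory table standing in for the application's thread store.
# Table and column names are assumptions, not PraisonAI's schema.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE threads (thread_id TEXT, user_id TEXT, title TEXT)")
    conn.executemany(
        "INSERT INTO threads VALUES (?, ?, ?)",
        [("t-001", "alice", "alice first"), ("t-002", "bob", "bob first")],
    )
    return conn


def build_query_unsafe(thread_ids):
    # Vulnerable pattern (hypothetical reconstruction): the IDs are quoted by
    # hand and spliced straight into the statement text, so a quote character
    # stored inside an ID terminates the literal and the rest becomes SQL.
    quoted = ", ".join(f"'{tid}'" for tid in thread_ids)
    return f"SELECT * FROM threads WHERE thread_id IN ({quoted})"


# Allowlist for the ID format this example assumes: short, URL-safe tokens.
THREAD_ID_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")


def validate_thread_id(tid):
    # Reject anything outside the expected alphabet, whether it came from a
    # request or from a previously stored row (second-order injection).
    if not isinstance(tid, str) or not THREAD_ID_RE.fullmatch(tid):
        raise ValueError(f"invalid thread id: {tid!r}")
    return tid


def get_threads_safe(conn, thread_ids):
    # Hardened pattern: validate first, then let the driver bind each ID as
    # a parameter. Only the placeholder list is built with string formatting,
    # and it never contains user-controlled characters.
    ids = [validate_thread_id(t) for t in thread_ids]
    if not ids:
        return []
    placeholders = ", ".join("?" for _ in ids)
    sql = f"SELECT thread_id, user_id, title FROM threads WHERE thread_id IN ({placeholders})"
    return conn.execute(sql, ids).fetchall()


if __name__ == "__main__":
    db = make_db()
    print(build_query_unsafe(["t-001' OR 1=1 --"]))   # shows the broken-out literal
    print(get_threads_safe(db, ["t-001", "t-002"]))    # two bound parameters
```

The validator is deliberately strict rather than a denylist of SQL keywords: a denylist has to anticipate every encoding and dialect, whereas an allowlist only has to describe the one format the application actually issues.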

Business impact

This vulnerability allows for the complete compromise of the application's database. Attackers can read, modify, or delete all stored data, including user credentials and proprietary AI training data. The CVSS score of 9.8 reflects the high probability of total data loss and unauthorized administrative access.

Remediation

Immediate Action: Update PraisonAI to version 4.5.90 or later, which implements parameterized queries and proper input sanitization for thread IDs.

Proactive Monitoring: Monitor database logs for unusual query patterns, such as those containing unexpected SQL keywords (e.g., UNION, SELECT, SLEEP) in the thread ID fields.
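One way to turn the monitoring advice above into a concrete check, as an added example that is not part of the advisory or of PraisonAI: a small scanner over application log lines that extracts the thread_id field and flags values that fall outside the expected format, contain SQL metacharacters, or contain SQL keywords used in a statement-like context. The log format and the sample lines are constructed for this example; a real deployment would adapt the field regex to its own logging.

```python
import re

# Constructed sample log (not real PraisonAI output). Lines 3 and 5 carry
# thread IDs of the kind the advisory says to watch for; line 4 is a benign
# ID that merely contains a keyword as a substring.
SAMPLE_LOG = """\
2026-03-01T10:00:01Z INFO get_all_user_threads user=alice thread_id=t-001
2026-03-01T10:00:02Z INFO get_all_user_threads user=bob thread_id=t-002
2026-03-01T10:00:03Z INFO update_thread user=mallory thread_id="t-003' UNION SELECT 1--"
2026-03-01T10:00:04Z INFO update_thread user=carol thread_id="select-my-notes"
2026-03-01T10:00:05Z INFO get_all_user_threads user=dave thread_id="t-004' AND SLEEP(5)--"
"""

# Field extraction: thread_id is either bare or double-quoted in this format.
FIELD_RE = re.compile(r'user=(?P<user>\S+)\s+thread_id=(?:"(?P<q>[^"]*)"|(?P<u>\S+))')

# Format an ID is expected to have (assumption for this example).
EXPECTED_ID_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")

# Characters that only make sense if the value is being read as SQL.
META_RE = re.compile(r"['\";]|--|/\*")

# Keywords named in the advisory plus the common statement verbs.
SQL_KEYWORDS = ("UNION", "SELECT", "SLEEP", "INSERT", "UPDATE", "DELETE", "DROP", "OR", "AND")
KEYWORD_RE = re.compile(r"\b(?:" + "|".join(SQL_KEYWORDS) + r")\b", re.IGNORECASE)


def classify_thread_id(tid):
    """Return the list of reasons a thread ID looks suspicious (empty if clean)."""
    reasons = []
    if not EXPECTED_ID_RE.fullmatch(tid):
        reasons.append("unexpected-format")
    if META_RE.search(tid):
        reasons.append("sql-metachar")
    # A keyword alone is weak evidence ("select-my-notes" is a fine title);
    # require whitespace too, since injected SQL is space-separated.
    if KEYWORD_RE.search(tid) and re.search(r"\s", tid):
        reasons.append("sql-keyword")
    return reasons


def scan_log(text):
    """Yield (line_number, user, thread_id, reasons) for every flagged line."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = FIELD_RE.search(line)
        if not m:
            continue
        tid = m.group("q") if m.group("q") is not None else m.group("u")
        reasons = classify_thread_id(tid)
        if reasons:
            findings.append((lineno, m.group("user"), tid, reasons))
    return findings


if __name__ == "__main__":
    for lineno, user, tid, reasons in scan_log(SAMPLE_LOG):
        print(f"line {lineno}: user={user} thread_id={tid!r} -> {', '.join(reasons)}")
```

The "unexpected-format" check alone would already catch both suspicious lines; the metacharacter and keyword checks are kept separate so that an alert can say why a value was flagged, and so the keyword rule can be tuned without loosening the format rule.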

Compensating Controls: Deploy a WAF with SQL injection protection rules to detect and block malicious payloads in application requests.

Exploitation status

Public Exploit Available: false

Analyst recommendation

SQL injection remains one of the most damaging web vulnerabilities. Given the 9.8 severity, it is critical to apply the update to version 4.5.90 immediately. Organizations should also conduct a database audit to ensure no unauthorized data exfiltration has occurred prior to patching.