cbcvebase.
CVE-2024-5827
published 2024-06-28

CVE-2024-5827: Vanna v0.3.4 is vulnerable to SQL injection in its DuckDB integration exposed to its Flask Web APIs. Attackers can inject malicious SQL training data and…

PriorityP181critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
3.45%
87.5th percentile
Vanna v0.3.4 is vulnerable to SQL injection in its DuckDB integration exposed to its Flask Web APIs. Attackers can inject malicious SQL training data and generate corresponding queries to write arbitrary files on the victim's file system, such as backdoor.php with contents ``. This can lead to command execution or the creation of backdoors.

Affected

1 ranges
VendorProductVersion rangeFixed in
vanna-aivanna-ai_vannaunspecified – latest

Detection & IOCsextracted from sources · hover to see the quote

url/api/v0/train
url/api/v0/generate_sql?question=What%20is%20the%20content%20of%20the%20first%201000%20characters%20of%20the%20%2Fetc%2Fpasswd%20file?
commandSELECT pg_read_file('/etc/passwd', 0, 1000);
  • Detect exploitation attempts by monitoring POST requests to /api/v0/train containing SQL injection payloads (e.g., pg_read_file) in the 'sql' JSON field, followed by GET requests to /api/v0/generate_sql.
  • Alert on HTTP 200 responses from /api/v0/generate_sql whose JSON body matches the regex 'root:.*:0:0:' indicating successful /etc/passwd exfiltration via SQL injection.
  • Monitor the filesystem for creation of PHP webshell files (e.g., backdoor.php) in web-accessible directories as a post-exploitation indicator of CVE-2024-5827 abuse.
  • The attack requires two sequential HTTP requests: (1) a training injection via POST /api/v0/train and (2) SQL generation trigger via GET /api/v0/generate_sql. Correlate both in network logs to identify full attack chain.
  • ·The vulnerability is specific to Vanna v0.3.4's DuckDB integration exposed via Flask Web APIs. The attack surface is only present when the Flask API is publicly accessible without authentication.
  • ·Exploitation is unauthenticated (PR:N), meaning no credentials are required to POST malicious training data to /api/v0/train, making internet-exposed instances immediately at risk.

CVSS provenance

nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vulncheck9.8CRITICAL
vendor_redhat7.8HIGH
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.