PraisonAI: SQLite Table Access Risk from Unvalidated Configuration

Summary

PraisonAI's SQLite database may be accessed without permission if an attacker controls the 'table_prefix' configuration value. This could allow them to view internal database tables or alter query results. To protect your system, review your configuration settings and ensure that the 'table_prefix' value is set securely.

What to do

Update mervin praison praisonai to version 4.5.133.

Affected software

Vendor	Product	Affected versions	Fix available
mervin praison	praisonai	<= 4.5.133	4.5.133

Original title

PraisonAI is a multi-agent teams system. Prior to 4.5.133, there is an SQL identifier injection vulnerability in SQLiteConversationStore where the table_prefix configuration value is directly conca...

Original description

PraisonAI is a multi-agent teams system. Prior to 4.5.133, there is an SQL identifier injection vulnerability in SQLiteConversationStore where the table_prefix configuration value is directly concatenated into SQL queries via f-strings without any validation or sanitization. Since SQL identifiers cannot be safely parameterized, an attacker who controls the table_prefix value (e.g., through from_yaml or from_dict configuration input) can inject arbitrary SQL fragments that alter query structure. This enables unauthorized data access, such as reading internal SQLite tables like sqlite_master, and manipulation of query results through techniques like UNION-based injection. The vulnerability propagates from configuration input in config.py, through factory.py, to the SQL query construction in sqlite.py. Exploitation requires the ability to influence configuration input, and successful exploitation leads to internal schema disclosure and full query result tampering. This issue has been fixed in version 4.5.133.

osv CVSS4.0 8.1

Vulnerability type

CWE-89 SQL Injection