7 matches found

Nuclei
added 14 hours ago · 48 views

Vanna - SQL injection

Vanna v0.3.4 is vulnerable to SQL injection in its DuckDB integration exposed to its Flask Web APIs. Attackers can inject malicious SQL training data and generate corresponding queries to write arbitrary files on the victim's file system, such as backdoor.php with contents . This can lead to...

9.8 CVSS · 8.3 AI score · 0.39855 EPSS
Exploits 0 · References 4
RedhatCVE
added 2025/02/05 6:25 a.m. · 2 views

CVE-2024-5827

Vanna v0.3.4 is vulnerable to SQL injection in its DuckDB integration exposed to its Flask Web APIs. Attackers can inject malicious SQL training data and generate corresponding queries to write arbitrary files on the victim's file system, such as backdoor.php with contents . This can lead to...

9.8 CVSS · 8.1 AI score · 0.39855 EPSS
Exploits 0 · References 1
NVD
added 2024/06/28 8:15 p.m. · 19 views

CVE-2024-5827

Vanna v0.3.4 is vulnerable to SQL injection in its DuckDB integration exposed to its Flask Web APIs. Attackers can inject malicious SQL training data and generate corresponding queries to write arbitrary files on the victim's file system, such as backdoor.php with contents . This can lead to...

9.8 CVSS · 0.39855 EPSS
Exploits 0 · References 1
CVE
added 2024/06/28 7:27 p.m. · 94 views

CVE-2024-5827

Vanna v0.3.4 is affected by an SQL injection in the DuckDB integration exposed through its Flask Web APIs. The vulnerability allows attackers to inject malicious SQL training data and craft queries that can write arbitrary files to the file system (e.g., backdoor.php with contents ), potentially ...

9.8 CVSS · 10 AI score · 0.39855 EPSS
In wild · Exploits 0 · References 1
Cvelist
added 2024/06/28 7:27 p.m. · 176 views

CVE-2024-5827 Arbitrary File Write by Prompt Injection via DuckDB SQL in vanna-ai/vanna

Vanna v0.3.4 is vulnerable to SQL injection in its DuckDB integration exposed to its Flask Web APIs. Attackers can inject malicious SQL training data and generate corresponding queries to write arbitrary files on the victim's file system, such as backdoor.php with contents . This can lead to...

9.8 CVSS · 0.39855 EPSS
Exploits 0 · References 1
Vulnrichment
added 2024/06/28 7:27 p.m. · 14 views

CVE-2024-5827 Arbitrary File Write by Prompt Injection via DuckDB SQL in vanna-ai/vanna

Vanna v0.3.4 is vulnerable to SQL injection in its DuckDB integration exposed to its Flask Web APIs. Attackers can inject malicious SQL training data and generate corresponding queries to write arbitrary files on the victim's file system, such as backdoor.php with contents . This can lead to...

9.8 CVSS · 8.1 AI score · 0.39855 EPSS
Exploits 0 · References 1
Positive Technologies
added 2024/04/16 12:0 a.m. · 2 views

PT-2024-5388 · Duckdb +2

Name of the Vulnerable Software and Affected Versions: Vanna version 0.3.4 Description: The issue is related to the Vanna framework's web interface, specifically with its integration of DuckDB and Flask Web APIs. It allows for SQL injection, enabling attackers to inject malicious SQL training dat...

9.8 CVSS · 8.6 AI score · 0.39855 EPSS
Exploits 0 · References 5