A vulnerability in Vanna's Flask web interface for generating database queries allows an attacker to write arbitrary files and execute arbitrary commands.
The vulnerability in Vanna's Flask-based database query generation interface involves the unrestricted upload of dangerous files. Exploiting this vulnerability allows a malicious actor to write arbitrary files and execute arbitrary commands by sending specially crafted queries...