SQL Injection Leading to Arbitrary File Reading
A SQL injection vulnerability in the Neural Compressor's `neural_solution` server allows attackers to manipulate database entries and download arbitrary files from the host system. This issue affects version 2.4 and was patched in version 2.5.0.
Available publicly on May 15 2024
Threat Overview
The vulnerability arises from improper handling of SQL queries within the neural_solution server, specifically in the API endpoint /task/submit. Attackers can exploit this by injecting malicious SQL code into the q_model_path field of a task, enabling them to alter database entries. Subsequently, the /download/<task_id> endpoint can be abused to download any file specified in the altered q_model_path, leading to unauthorized access to sensitive files, database compromise, and potential system compromise.
Attack Scenario
An attacker first submits a legitimate task to obtain a valid task_id. They then craft a malicious JSON payload, injecting SQL code into the approach parameter to alter the q_model_path of the task in the database to a sensitive directory (e.g., /home/victim/.ssh). Finally, the attacker uses the /download/<task_id> endpoint to download the contents of the specified directory, gaining unauthorized access to sensitive files.
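The following Python sketch is added here and is not Neural Compressor's own code: it contrasts the interpolated-SQL pattern this advisory describes with a parameterised insert, and adds a workspace check on the path served by the download endpoint so a tampered q_model_path cannot point outside the allowed root. The table schema, the sqlite3 backend and the WORKSPACE root are assumptions.

```python
import os
import sqlite3

# Assumed root that downloads may be served from (not a neural_solution setting).
WORKSPACE = os.path.realpath("/tmp/ns_workspace")


def init_db():
    # Hypothetical, simplified task table; not the project's real schema.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE task (id TEXT PRIMARY KEY, approach TEXT, q_model_path TEXT)")
    return conn


def submit_task_unsafe(conn, task_id, approach):
    # Vulnerable pattern: a request field is pasted into the statement, so a quote
    # inside `approach` changes the SQL that runs (the bug class in this advisory).
    conn.execute(f"INSERT INTO task VALUES ('{task_id}', '{approach}', NULL)")


def submit_task_safe(conn, task_id, approach):
    # Hardened: bound parameters; the driver never parses the value as SQL.
    conn.execute("INSERT INTO task (id, approach, q_model_path) VALUES (?, ?, ?)",
                 (task_id, approach, None))


def set_model_path(conn, task_id, path):
    conn.execute("UPDATE task SET q_model_path = ? WHERE id = ?", (path, task_id))


def resolve_download_path(conn, task_id):
    """File to serve for /download/<task_id>, or None if it lies outside WORKSPACE."""
    row = conn.execute("SELECT q_model_path FROM task WHERE id = ?", (task_id,)).fetchone()
    if row is None or row[0] is None:
        return None
    real = os.path.realpath(row[0])  # collapses any ../ segments and symlinks
    # Defence in depth: even if the row was altered, refuse paths outside the workspace.
    if os.path.commonpath([real, WORKSPACE]) != WORKSPACE:
        return None
    return real


def run_demo():
    conn = init_db()
    tricky = "quant'ize"  # constructed value with a quote; not an exploit string
    try:
        submit_task_unsafe(conn, "t0", tricky)
        unsafe_ok = True
    except sqlite3.OperationalError:
        unsafe_ok = False  # the quote broke the statement: input reached the SQL parser
    submit_task_safe(conn, "t1", tricky)
    stored = conn.execute("SELECT approach FROM task WHERE id = ?", ("t1",)).fetchone()[0]
    set_model_path(conn, "t1", os.path.join(WORKSPACE, "t1", "model.pt"))
    inside = resolve_download_path(conn, "t1")
    set_model_path(conn, "t1", "/home/victim/.ssh")  # simulates a tampered row
    outside = resolve_download_path(conn, "t1")
    return {"unsafe_ok": unsafe_ok, "stored": stored, "inside": inside, "outside": outside}
```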
Who is affected
Users of the Neural Compressor version 2.4 are affected by this vulnerability. Specifically, systems where the neural_solution server is deployed and accessible could be compromised, leading to unauthorized access to sensitive files and potentially further system compromise.