Critical Severity


SQL Injection Leading to Arbitrary File Reading

A SQL injection vulnerability in the Neural Compressor's `neural_solution` server allows attackers to manipulate database entries and download arbitrary files from the host system. This issue affects version 2.4 and was patched in version 2.5.0.

Available publicly on May 15 2024





Threat Overview

The vulnerability arises from improper handling of SQL queries within the neural_solution server, specifically in the API endpoint /task/submit. Attackers can exploit this by injecting malicious SQL code into the q_model_path field of a task, enabling them to alter database entries. Subsequently, the /download/<task_id> endpoint can be abused to download any file specified in the altered q_model_path, leading to unauthorized access to sensitive files, database compromise, and potential system compromise.

Attack Scenario

An attacker first submits a legitimate task to obtain a valid task_id. They then craft a malicious JSON payload, injecting SQL code into the approach parameter to alter the q_model_path of the task in the database to a sensitive directory (e.g., /home/victim/.ssh). Finally, the attacker uses the /download/<task_id> endpoint to download the contents of the specified directory, gaining unauthorized access to sensitive files.

Who is affected

Users of the Neural Compressor version 2.4 are affected by this vulnerability. Specifically, systems where the neural_solution server is deployed and accessible could be compromised, leading to unauthorized access to sensitive files and potentially further system compromise.

Technical Report
Want more out of Sightline?

Sightline offers even more for premium customers

Go Premium

We have - related security advisories that are available with Sightline Premium.