Critical severity9.8NVD Advisory· Published Jun 28, 2024· Updated Apr 15, 2026
CVE-2024-5827
CVE-2024-5827
Description
Vanna v0.3.4 is vulnerable to SQL injection in its DuckDB integration exposed to its Flask Web APIs. Attackers can inject malicious SQL training data and generate corresponding queries to write arbitrary files on the victim's file system, such as backdoor.php with contents <?php system($_GET[0]); ?>. This can lead to command execution or the creation of backdoors.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.