Tag
PraisonAI versions before 4.6.78 are vulnerable to SQL/CQL injection, allowing an attacker to inject malicious SQL/CQL tokens into generated CREATE TABLE DDL statements by influencing the unvalidated 'dimension' argument in PGVector and Cassandra knowledge-store backends, potentially leading to arbitrary database command execution and data manipulation or destruction.