CVE-2024-4890

MEDIUM

litellm 1.27.14 - Blind SQL Injection via User ID Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-4890. PoCs published by nekr0ff.

AI-analyzed exploit summary This repository contains a functional privilege escalation exploit for CVE-2024-4890 in 'needrestart' (>= 3.8). It leverages insecure handling of PYTHONPATH to execute a malicious shared library as root when 'needrestart' scans Python processes.

Description

A blind SQL injection vulnerability exists in the berriai/litellm application, specifically within the '/team/update' process. The vulnerability arises due to the improper handling of the 'user_id' parameter in the raw SQL query used for deleting users. An attacker can exploit this vulnerability by injecting malicious SQL commands through the 'user_id' parameter, leading to potential unauthorized access to sensitive information such as API keys, user information, and tokens stored in the database. The affected version is 1.27.14.

Exploits (1)

nomisec WORKING POC
by nekr0ff · poc
https://github.com/nekr0ff/needrestart-sudo-escalate-cve-2024-4890


Classification
Working PoC 95%
Attack Type
LPE
Complexity
Moderate
Reliability
Reliable
Target: needrestart >= 3.8
Auth required
Prerequisites: sudo access to 'needrestart' · gcc for compilation · Python 3 · network access to attacker-controlled server for payload download
devstral-2 · analyzed Feb 19, 2026

References (1)

Core 1
Core References

Scores

CVSS v3 4.9
EPSS 0.0006
EPSS Percentile 20.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-89
Status published
Products (2)
litellm/litellm 1.27.14
pypi/litellm 0 · PyPI
Published Jun 06, 2024
Tracked Since Feb 18, 2026