| عنوان | Mindinventory MindSQL v0.2.1 SQL Injection |
|---|
| الوصف | A **prompt injection** vulnerability exists in the application flow where untrusted user input is forwarded to an LLM to generate SQL and (optionally) Python visualization code. If the system **executes or evaluates** LLM-generated Python (e.g., for Plotly chart generation), an attacker can craft a prompt that coerces the model into producing **malicious Python statements**, potentially leading to **Remote Code Execution (RCE)** on the host.
|
|---|
| المصدر | ⚠️ https://github.com/Ka7arotto/cve/blob/main/MindSQL-RCE.md |
|---|
| المستخدم | Goku (UID 80486) |
|---|
| ارسال | 06/03/2026 12:35 PM (3 أشهر منذ) |
|---|
| الاعتدال | 20/03/2026 03:08 PM (14 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 352072 [Mindinventory MindSQL حتى 0.2.1 mindsql_core.py ask_db تجاوز الصلاحيات] |
|---|
| النقاط | 20 |
|---|