| عنوان | Mindinventory MindSQL v0.2.1 SQL Injection |
|---|
| الوصف | The vulnerability exists in the complete trust chain between user input, LLM output, and SQL execution. Malicious users can exploit this through prompt injection attacks, manipulating the LLM to generate arbitrary SQL statements that are then executed directly on the database server. The core issue stems from the system's implicit trust in LLM-generated SQL without any filtering or validation in the execution pipeline. |
|---|
| المصدر | ⚠️ https://github.com/Ka7arotto/cve/blob/main/mindsql-text2sql/issue.md |
|---|
| المستخدم | Goku (UID 80486) |
|---|
| ارسال | 06/03/2026 12:37 PM (3 أشهر منذ) |
|---|
| الاعتدال | 20/03/2026 03:08 PM (14 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 352073 [Mindinventory MindSQL حتى 0.2.1 mindsql_core.py ask_db حقن SQL] |
|---|
| النقاط | 19 |
|---|