| शीर्षक | Mindinventory MindSQL v0.2.1 SQL Injection |
|---|
| विवरण | A **prompt injection** vulnerability exists in the application flow where untrusted user input is forwarded to an LLM to generate SQL and (optionally) Python visualization code. If the system **executes or evaluates** LLM-generated Python (e.g., for Plotly chart generation), an attacker can craft a prompt that coerces the model into producing **malicious Python statements**, potentially leading to **Remote Code Execution (RCE)** on the host.
|
|---|
| स्रोत | ⚠️ https://github.com/Ka7arotto/cve/blob/main/MindSQL-RCE.md |
|---|
| उपयोगकर्ता | Goku (UID 80486) |
|---|
| सबमिशन | 06/03/2026 12:35 PM (3 महीनों पहले) |
|---|
| संयम | 20/03/2026 03:08 PM (14 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 352072 [Mindinventory MindSQL तक 0.2.1 mindsql_core.py ask_db अधिकार वृद्धि] |
|---|
| अंक | 20 |
|---|