| 제목 | Mindinventory MindSQL v0.2.1 SQL Injection |
|---|
| 설명 | The vulnerability exists in the complete trust chain between user input, LLM output, and SQL execution. Malicious users can exploit this through prompt injection attacks, manipulating the LLM to generate arbitrary SQL statements that are then executed directly on the database server. The core issue stems from the system's implicit trust in LLM-generated SQL without any filtering or validation in the execution pipeline. |
|---|
| 원천 | ⚠️ https://github.com/Ka7arotto/cve/blob/main/mindsql-text2sql/issue.md |
|---|
| 사용자 | Goku (UID 80486) |
|---|
| 제출 | 2026. 03. 06. PM 12:37 (3 개월 ago) |
|---|
| 모더레이션 | 2026. 03. 20. PM 03:08 (14 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 352073 [Mindinventory MindSQL 까지 0.2.1 mindsql_core.py ask_db SQL 주입] |
|---|
| 포인트들 | 19 |
|---|