Submeter #773899: Mindinventory MindSQL v0.2.1 SQL Injectioninformação

TítuloMindinventory MindSQL v0.2.1 SQL Injection
DescriçãoThe vulnerability exists in the complete trust chain between user input, LLM output, and SQL execution. Malicious users can exploit this through prompt injection attacks, manipulating the LLM to generate arbitrary SQL statements that are then executed directly on the database server. The core issue stems from the system's implicit trust in LLM-generated SQL without any filtering or validation in the execution pipeline.
Fonte⚠️ https://github.com/Ka7arotto/cve/blob/main/mindsql-text2sql/issue.md
Utilizador
 Goku (UID 80486)
Submissão06/03/2026 12h37 (há 3 meses)
Moderação20/03/2026 15h08 (14 days later)
EstadoAceite
Entrada VulDB352073 [Mindinventory MindSQL até 0.2.1 mindsql_core.py ask_db Injeção SQL]
Pontos19

VoltarVisão GeralPróximo

Do you want to use VulDB in your project?

Use the official API to access entries easily!