| Название | Mindinventory MindSQL v0.2.1 SQL Injection |
|---|
| Описание | The vulnerability exists in the complete trust chain between user input, LLM output, and SQL execution. Malicious users can exploit this through prompt injection attacks, manipulating the LLM to generate arbitrary SQL statements that are then executed directly on the database server. The core issue stems from the system's implicit trust in LLM-generated SQL without any filtering or validation in the execution pipeline. |
|---|
| Источник | ⚠️ https://github.com/Ka7arotto/cve/blob/main/mindsql-text2sql/issue.md |
|---|
| Пользователь | Goku (UID 80486) |
|---|
| Представление | 06.03.2026 12:37 (3 месяцы назад) |
|---|
| Модерация | 20.03.2026 15:08 (14 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 352073 [Mindinventory MindSQL до 0.2.1 mindsql_core.py ask_db SQL-инъекция] |
|---|
| Баллы | 19 |
|---|