Mindsql
Monthly
SQL injection in Mindinventory MindSQL versions up to 0.2.1 allows authenticated remote attackers to execute arbitrary SQL commands through the ask_db function. Public exploit code exists for this vulnerability, and the vendor has not provided a patch or responded to disclosure attempts. Attackers with valid credentials can manipulate database queries to access, modify, or delete sensitive data.
A code injection vulnerability exists in Mindinventory MindSQL up to version 0.2.1 that allows remote code execution through manipulation of the ask_db function in mindsql/core/mindsql_core.py. An authenticated attacker can exploit this vulnerability to execute arbitrary code on the affected system. A public proof-of-concept exploit is available, and the vendor has not responded to early disclosure attempts, increasing the likelihood of active exploitation.
SQL injection in Mindinventory MindSQL versions up to 0.2.1 allows authenticated remote attackers to execute arbitrary SQL commands through the ask_db function. Public exploit code exists for this vulnerability, and the vendor has not provided a patch or responded to disclosure attempts. Attackers with valid credentials can manipulate database queries to access, modify, or delete sensitive data.
A code injection vulnerability exists in Mindinventory MindSQL up to version 0.2.1 that allows remote code execution through manipulation of the ask_db function in mindsql/core/mindsql_core.py. An authenticated attacker can exploit this vulnerability to execute arbitrary code on the affected system. A public proof-of-concept exploit is available, and the vendor has not responded to early disclosure attempts, increasing the likelihood of active exploitation.