Mindinventory MindSQL SQL Injection Vulnerability in Version 0.2.1

A SQL injection vulnerability has been identified in Mindinventory MindSQL versions through 0.2.1. The issue arises in the 'ask_db' function within 'mindsql/core/mindsql_core.py'. This vulnerability allows remote attackers to manipulate user input, prompting the application to execute arbitrary SQL commands on the connected database. The exploitation takes advantage of the application's lack of proper validation and sanitization of SQL queries generated by large language models (LLMs), potentially leading to unauthorized data access or manipulation.

Impact

Exploitation of this vulnerability allows for arbitrary SQL execution on the database server. This could include data manipulation or deletion, unauthorized access to sensitive information, and in the case of PostgreSQL, execution of system commands via database features, all of which could result in a complete compromise of the database or even remote code execution on the database server.

Reproduction

The vulnerability can be reproduced by using MindSQL with a connected PostgreSQL database. After establishing a database connection, a prompt injection attack can be executed through the 'ask_db' function. The injected prompt should manipulate the LLM into generating harmful SQL commands, such as those that drop tables or execute system commands via PostgreSQL's 'COPY FROM PROGRAM' feature.