CVSS Score

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| llama-index | pip | <= 0.9.35 | |
The vulnerability stems from Text-to-SQL components that translate natural-language input directly into SQL and execute it without restricting what the generated statement may do. Each affected class 1) accepts free-form English input, 2) has the model generate a raw SQL statement from it, and 3) executes that statement as-is, with the database privileges of the application. The proof of concept drops a table via a crafted prompt, confirming that anyone who can reach these components with a prompt controls the executed SQL. File paths are inferred from the standard package layout and from the import statements in the reproduction code.