A flaw was found in PyMySQL. When processing untrusted JSON input, keys are not escaped by the escape_dict function due to insufficient input sanitization, allowing an attacker to inject malicious SQL queries.
Make sure the permissions are set correctly for each user, database, table, operation, etc. Do not expose the PyMySQL library to untrusted JSON input.