3 matches found
CVE-2024-7764
creationtimestamp| type| source ---|---|--- 2025-03-20 10:19:27+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/8188 2026-02-27 05:41:46+00:00| seen| https://gist.github.com/YLChen-007/48b86c2365e5ebf6923d5f14491b4329...
CVE-2024-7764
Vanna-ai v0.6.2 is vulnerable to SQL Injection due to insufficient protection against injecting additional SQL commands from user requests. The vulnerability occurs when the generatesql function calls extractsql with the LLM response. An attacker can include a semi-colon between a search data fie...
CVE-2024-7764 SQL Injection in vanna-ai/vanna
Vanna-ai v0.6.2 is vulnerable to SQL Injection due to insufficient protection against injecting additional SQL commands from user requests. The vulnerability occurs when the generatesql function calls extractsql with the LLM response. An attacker can include a semi-colon between a search data fie...