IEEE

DaMiT-SQL: Detecting and Mitigating Text-to-SQL Prompt Injection Attacks

Abstract: Large Language Models (LLMs) are known for their ability to understand and respond to human instructions/prompts. As such, LLMs can be used to produce natural language interfaces for ...
GitHub

High Severity SQL Injection in Tag Creation (ui-tags.php)

A High-Risk SQL Injection vulnerability was discovered in the tagging system of the FOSSology web interface. The vulnerability allows an authenticated user to execute arbitrary SQL commands, leak ...
The Hacker News

Fake Python Spellchecker Packages on PyPI Delivered Hidden Remote Access Trojan

Cybersecurity researchers have discovered two malicious packages in the Python Package Index (PyPI) repository that masquerade as spellcheckers but contain functionality to deliver a remote access ...
GitHub

wareflowx/excel-to-sql

Excel to SQLite simplifies the process of importing Excel data into SQLite databases. It provides automatic schema detection, data transformations, validation rules, and includes an intelligent ...
IEEE

SQL Injection in LLM-Generated Queries: Systematic Analysis of Detection Gaps and Security Risks

Abstract: Large language models (LLMs) are being woven into software systems at a remarkable pace. When these systems include a back-end database, LLM integration opens new attack surfaces for SQL ...