The vulnerability exists in LiteLLM’s authentication flow, where the Authorization: Bearer header is directly concatenated into a SQL query without proper parameterization. This flaw allows attackers to inject arbitrary SQL statements prior to authentication, enabling direct a...
Source: Wiz
Source Link: https://threats.wiz.io/all-incidents/critical-sql-injection-vulnerability-in-litellm-exploited-in-the-wild
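
The flaw class described above, as a minimal added example (not LiteLLM's code; the `api_keys` table, the function names and the token are hypothetical and constructed): the same Bearer value is looked up once with a concatenated query and once with a bound parameter, using an in-memory SQLite database.

```python
import sqlite3

def make_db():
    # Constructed key store; schema and token are illustrative only.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE api_keys (token TEXT PRIMARY KEY, owner TEXT)")
    db.execute("INSERT INTO api_keys VALUES (?, ?)", ("sk-constructed-1234", "alice"))
    return db

def bearer_token(header):
    # Split "Bearer <value>"; reject other schemes and empty values.
    scheme, _, value = header.partition(" ")
    if scheme.lower() != "bearer" or not value.strip():
        return None
    return value.strip()

def lookup_concatenated(db, header):
    # Weak form: the header value becomes part of the SQL text,
    # so a quote character in it is parsed as SQL syntax.
    token = bearer_token(header)
    if token is None:
        return None
    query = "SELECT owner FROM api_keys WHERE token = '" + token + "'"
    row = db.execute(query).fetchone()
    return row[0] if row else None

def lookup_parameterized(db, header):
    # Corrected form: the value is bound as data and never parsed as SQL.
    token = bearer_token(header)
    if token is None:
        return None
    row = db.execute("SELECT owner FROM api_keys WHERE token = ?", (token,)).fetchone()
    return row[0] if row else None

def audit(header):
    # Run both lookups against a fresh database and return (weak, fixed).
    db = make_db()
    return lookup_concatenated(db, header), lookup_parameterized(db, header)

if __name__ == "__main__":
    for h in ("Bearer sk-constructed-1234", "Bearer unknown", "Bearer x' OR '1'='1"):
        print(repr(h), audit(h))
```

Any divergence between the two results for the same header means the value reached the SQL parser, which is the condition a regression test for the fix should assert never happens.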