Currently Python2 is loading SQLite 3.32.1 I don't think even Python3 exposes sqlite3_db_config either. This "obscure" attack vector is a very reproducible and viable one for a friend of mine. He allows people to upload custom SQLite databases and runs predictable (by the user) select queries on them.