Invia #836490: designcomputer mysql_mcp_server 0.2.2 SQL Injectioninformazioni

Titolodesigncomputer mysql_mcp_server 0.2.2 SQL Injection
Descrizionemysql-mcp-server is a Model Context Protocol (MCP) server that bridges AI applications with MySQL databases. The `read_resource()` handler accepts URIs in the format `mysql://{table}/data` and constructs SQL queries using Python f-string interpolation without input validation or parameterization. The vulnerable code in `src/mysql_mcp_server/server.py` (lines 87-95) parses the URI to extract a table name and directly interpolates it into a SQL query: ```python parts = uri_str[8:].split('/') table = parts[0] # unsanitized user input cursor.execute(f"SELECT * FROM {table} LIMIT 100") # SQL injection point ``` An attacker can craft a malicious URI where the table name contains SQL injection payloads (e.g., `UNION SELECT` statements). The injected SQL is executed with the full privileges of the configured MySQL connection, which in typical deployments is the root user. This vulnerability requires control over the URI parameter sent to the MCP server, which can be achieved through prompt injection attacks against the AI client, malicious MCP client implementations, or man-in-the-middle attacks on the stdio transport.
Fonte⚠️ https://github.com/designcomputer/mysql_mcp_server/issues/89
Utente
 BlackBird_BB (UID 96773)
Sottomissione24/05/2026 19:49 (2 mesi fa)
Moderazione07/06/2026 21:46 (14 days later)
StatoAccettato
Voce VulDB369146 [designcomputer mysql-mcp-server fino a 0.2.2 mysql URI server.py read_resource uri_str iniezione SQL]
Punti20

Want to stay up to date on a daily basis?

Enable the mail alert feature now!