| タイトル | designcomputer mysql_mcp_server 0.2.2 SQL Injection |
|---|
| 説明 | mysql-mcp-server is a Model Context Protocol (MCP) server that bridges AI applications with MySQL databases. The `read_resource()` handler accepts URIs in the format `mysql://{table}/data` and constructs SQL queries using Python f-string interpolation without input validation or parameterization.
The vulnerable code in `src/mysql_mcp_server/server.py` (lines 87-95) parses the URI to extract a table name and directly interpolates it into a SQL query:
```python
parts = uri_str[8:].split('/')
table = parts[0] # unsanitized user input
cursor.execute(f"SELECT * FROM {table} LIMIT 100") # SQL injection point
```
An attacker can craft a malicious URI where the table name contains SQL injection payloads (e.g., `UNION SELECT` statements). The injected SQL is executed with the full privileges of the configured MySQL connection, which in typical deployments is the root user. This vulnerability requires control over the URI parameter sent to the MCP server, which can be achieved through prompt injection attacks against the AI client, malicious MCP client implementations, or man-in-the-middle attacks on the stdio transport. |
|---|
| ソース | ⚠️ https://github.com/designcomputer/mysql_mcp_server/issues/89 |
|---|
| ユーザー | BlackBird_BB (UID 96773) |
|---|
| 送信 | 2026年05月24日 19:49 (17 日 ago) |
|---|
| モデレーション | 2026年06月07日 21:46 (14 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 369146 [designcomputer mysql-mcp-server 迄 0.2.2 mysql URI server.py read_resource uri_str SQLインジェクション] |
|---|
| ポイント | 20 |
|---|