Neuron PHP Framework MySQLWriteTool Arbitrary SQL Execution Vulnerability
Vulnerability
A vulnerability in the Neuron PHP framework's MySQLWriteTool component allows execution of arbitrary SQL statements. It affects versions 2.8.11 and earlier. The tool passes user-provided SQL straight to PDO's prepare and execute methods with no semantic restriction on what the statement may do. Because the tool is driven by a large language model, a direct or indirect prompt injection can steer the agent into issuing destructive statements such as DROP TABLE, TRUNCATE, DELETE or ALTER, or privilege-related statements, subject only to the permissions of the database user. Affected deployments are those that expose an agent with MySQLWriteTool enabled to untrusted input, or that connect with a database user holding broad privileges.
Impact
Exploitation of this vulnerability could lead to the execution of destructive SQL queries, allowing for the deletion or alteration of database tables and records, or the execution of privilege-related statements that could escalate database permissions.
Remediation
Upgrade to Neuron version 2.8.12, where this vulnerability has been patched. If upgrading is not possible, disable MySQLWriteTool for public or untrusted agents, connect with a dedicated database user that holds only the privileges the tool needs, add an application-layer policy that rejects high-risk SQL statements, and require authorization for tool calls.
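One way to implement the application-layer policy and the guarded prepare/execute path described above, as an added example that is not Neuron's own code; the SqlWritePolicy class, the guardedWrite function and the allow-list of statement types are assumptions made for this illustration:

```php
<?php
// Added example, not Neuron's own code: an application-layer policy that a
// MySQLWriteTool-style wrapper applies before agent-supplied SQL reaches PDO.
// Class and function names are hypothetical.
declare(strict_types=1);

final class SqlWritePolicy
{
    // Statement types an agent may issue through the write tool.
    private const ALLOWED = ['INSERT', 'UPDATE'];
    // Keywords that mean schema change, privilege change or file access.
    private const DENIED = '/\b(DROP|TRUNCATE|ALTER|GRANT|REVOKE|RENAME|CREATE|LOAD\s+DATA|INTO\s+(OUTFILE|DUMPFILE))\b/i';

    /** Returns null if $sql may run, otherwise the reason it was refused. */
    public static function reject(string $sql): ?string
    {
        // Strip /* */, -- and # comments so keywords cannot hide inside them.
        $clean = trim(preg_replace('~/\*.*?\*/|--[^\n]*|#[^\n]*~s', ' ', $sql));
        // Refuse stacked statements (conservatively: also a ';' inside a literal).
        if (str_contains(rtrim($clean, " \t\n;"), ';')) {
            return 'multiple statements are not allowed';
        }
        if (!preg_match('/^([A-Za-z]+)/', $clean, $m)
            || !in_array(strtoupper($m[1]), self::ALLOWED, true)) {
            return 'statement type not allowed for the write tool';
        }
        if (preg_match(self::DENIED, $clean, $m)) {
            return 'forbidden keyword: ' . strtoupper($m[1]);
        }
        return null;
    }
}

// The tool's execute path: policy check first, then PDO prepare/execute.
function guardedWrite(PDO $pdo, string $sql, array $params = []): int
{
    if (($why = SqlWritePolicy::reject($sql)) !== null) {
        throw new InvalidArgumentException("SQL rejected: $why");
    }
    $stmt = $pdo->prepare($sql);
    $stmt->execute($params);
    return $stmt->rowCount();
}

// Self-check with constructed statements (no database connection needed).
assert(SqlWritePolicy::reject('INSERT INTO notes (body) VALUES (?)') === null);
assert(SqlWritePolicy::reject('UPDATE notes SET body = ?; DROP TABLE notes') !== null);
assert(SqlWritePolicy::reject('/* harmless */ TRUNCATE notes') !== null);
```

A keyword filter only covers the constructs it models, so it complements, rather than replaces, a database user whose grants exclude DDL and privilege statements.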
