designcomputer mysql_mcp_server
- <= 0.2.2
A SQL injection vulnerability has been identified in the Designcomputer Mysql-Mcp-Server application, specifically in versions prior to 0.2.2. The issue arises in the Mysql URI Handler component, within the read_resource function of the server.py file. The vulnerability allows remote exploitation by manipulating the uri_str argument, leading to unauthorized SQL code execution. This injection occurs because the table name parameter is not properly sanitized before being interpolated into SQL queries, enabling attackers to inject malicious payloads that are executed with the full privileges of the MySQL user, which is typically the root user.
Exploitation of this vulnerability allows attackers to inject arbitrary SQL into queries executed by the MySQL server. This could lead to unauthorized data access, such as reading sensitive information from databases, including user credentials and personal data. Additionally, attackers could exploit MySQL file privileges to read or write files on the server, execute denial-of-service attacks, or manipulate database structures by, for example, dropping tables.
To reproduce this vulnerability, send a request to the Mysql-Mcp-Server's read_resource function with a crafted URI that includes SQL injection payloads in the table name segment. This can be done by exploiting prompt injection vulnerabilities in the AI client, using a malicious MCP client, or intercepting and modifying requests in transit.
Upgrade to Designcomputer Mysql-Mcp-Server version 0.3.0 or later, which includes patches for this vulnerability by adding input validation, schema verification, and other security enhancements.
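The remediation above names input validation and schema verification. The following is an added sketch of that pattern, not the project's own code: the mysql://<table>/data URI layout, the function names and the LIMIT 100 query are assumptions made for illustration. It checks the table name taken from a resource URI against an identifier allow-list and the set of existing tables before the name is placed in a query.

```python
import re

# Assumed URI layout for this sketch: mysql://<table>/data
URI_PREFIX = "mysql://"
# Conservative identifier allow-list: letters, digits, underscore,
# at most 64 characters (MySQL's identifier length limit).
IDENT_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_]{0,63}")


def table_from_uri(uri_str: str) -> str:
    """Extract the table segment, rejecting URIs with an unexpected shape."""
    if not uri_str.startswith(URI_PREFIX):
        raise ValueError("unsupported URI scheme")
    parts = uri_str[len(URI_PREFIX):].split("/")
    if len(parts) != 2 or parts[1] != "data":
        raise ValueError("unexpected URI shape")
    return parts[0]


def build_read_query(uri_str: str, known_tables: set[str]) -> str:
    """Return the SELECT for a resource read, or raise ValueError."""
    table = table_from_uri(uri_str)
    # 1. Input validation: the name must be a plain identifier.
    if not IDENT_RE.fullmatch(table):
        raise ValueError("invalid table name")
    # 2. Schema verification: the name must be a table that exists.
    #    A real server would load this set from SHOW TABLES or
    #    information_schema.tables for the current database.
    if table not in known_tables:
        raise ValueError("unknown table")
    # 3. Quote the identifier. A %s placeholder binds values only,
    #    so it cannot be used for a table name.
    return f"SELECT * FROM `{table}` LIMIT 100"


if __name__ == "__main__":
    tables = {"users", "orders"}  # constructed sample schema
    samples = [  # constructed sample URIs
        "mysql://users/data",
        "mysql://users; DROP TABLE orders/data",
        "mysql://secrets/data",
    ]
    for uri in samples:
        try:
            print("OK      ", build_read_query(uri, tables))
        except ValueError as exc:
            print("REJECTED", repr(uri), "-", exc)
```

Running the MCP server under a MySQL account limited to the privileges it needs, rather than root, bounds the impact if a validation step like this is ever bypassed.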