TimBroddin astro-mcp-server SQL Injection Vulnerability in MCP Tool Query Construction
Vulnerability
A SQL injection vulnerability has been identified in TimBroddin astro-mcp-server versions through 1.1.1. The issue resides in the MCP Tool Query Construction component, specifically within the file src/index.ts. User-controlled parameters, such as keywords and app IDs, are concatenated directly into SQLite query strings, which allows remote attackers to manipulate the resulting SQL queries. This could lead to unauthorized data access or modification within the local Astro ASO database.
Impact
Exploitation of this vulnerability allows for SQL injection, where an attacker can manipulate SQL queries to bypass filters, extract arbitrary data from the Astro ASO database, and potentially alter database query semantics.
Reproduction
To reproduce this vulnerability, deploy the affected version of TimBroddin astro-mcp-server on a host with read access to an Astro ASO SQLite database. Once the server is running, use the MCP Inspector or another MCP client to invoke the 'search_rankings' tool with a crafted keyword parameter that includes SQL injection payloads. The injected SQL will be executed by the application's database engine, demonstrating the vulnerability by, for example, extracting SQLite version information.
Remediation
Users are advised to update to a version that addresses this vulnerability. As of the time of this report, no fixed version is available. In the meantime, do not expose the MCP server to untrusted users and restrict tool access to trusted local clients.
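The following is an added example, not code from the astro-mcp-server project: a hypothetical reconstruction of the unsafe pattern described above (keyword and app ID spliced into the SQL text) next to a parameterized version of the same query. The table name, column names, the app ID format and the `search_rankings` query shape are assumptions.

```typescript
// Added example (not the project's code). Table/column names are assumed.
interface Query { sql: string; params: unknown[] }

// Unsafe pattern (hypothetical reconstruction): user input becomes part of the SQL text,
// so any quote or operator in `keyword` or `appId` changes the query's structure.
function buildSearchUnsafe(keyword: string, appId: string): string {
  return `SELECT app_id, keyword, rank FROM rankings ` +
         `WHERE keyword LIKE '%${keyword}%' AND app_id = '${appId}'`;
}

// Hardened version: fixed SQL template, values passed as bound parameters,
// input validated up front. Bundle/app IDs are assumed to be dotted identifiers.
const APP_ID_RE = /^[A-Za-z0-9._-]{1,64}$/;

function buildSearchSafe(keyword: string, appId: string): Query {
  if (!APP_ID_RE.test(appId)) throw new Error("invalid app id");
  if (keyword.length === 0 || keyword.length > 100) throw new Error("invalid keyword");
  // Escape LIKE wildcards so a keyword such as "50%" cannot widen the match;
  // the value itself never touches the SQL text, it is bound via "?".
  const escaped = keyword.replace(/[\\%_]/g, (c) => `\\${c}`);
  return {
    sql: "SELECT app_id, keyword, rank FROM rankings " +
         "WHERE keyword LIKE ? ESCAPE '\\' AND app_id = ?",
    params: [`%${escaped}%`, appId],
  };
}

// Simple structural check used below: the number of single quotes in the SQL text.
// For the safe template it is constant; for the unsafe builder it follows the input.
function countQuotes(sql: string): number {
  return (sql.match(/'/g) ?? []).length;
}

// Constructed sample input: a keyword containing an apostrophe.
const unsafeSql = buildSearchUnsafe("o'reilly", "com.example.app");
const safe = buildSearchSafe("o'reilly", "com.example.app");
console.log(countQuotes(unsafeSql)); // odd count: the keyword broke the string literal
console.log(countQuotes(safe.sql));  // always 2, regardless of user input
```

With a real driver (e.g. better-sqlite3 or node:sqlite) the `sql` and `params` pair is passed to a prepared statement; the unsafe string is shown only to make the structural difference visible.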
