ArtMin96 Yii2 MCP Server Command Injection Vulnerability

Vulnerability

A command injection vulnerability has been identified in ArtMin96's Yii2 MCP Server version 1.0.2. The issue arises in the MCP tools 'yii_command_help' and 'yii_execute_command', where user-supplied arguments are concatenated directly into a shell command string and executed without validation or escaping. An attacker who can invoke these tools can inject shell metacharacters (for example ';', '|' or '$()') and execute arbitrary OS commands with the privileges of the server process. Because MCP tools are typically called on behalf of an LLM client, the malicious argument can also arrive indirectly, through a prompt injection that causes the model to call the tool with attacker-chosen input. Successful exploitation can lead to complete compromise of the host, including unauthorized data access, data modification and service disruption.

Impact

Exploitation of this vulnerability allows for arbitrary command execution on the server, potentially leading to a full host compromise.

Reproduction

To reproduce this vulnerability, install the Yii2 MCP Server in a Yii2 project and start the MCP server from the project root, ensuring that the database configuration is loaded. Then send a tool call to 'yii_command_help' or 'yii_execute_command' whose argument carries a shell payload, such as 'migrate/status; id'. The response will contain the output of the injected command (here, the 'id' output) alongside the output of the legitimate Yii command, demonstrating successful exploitation.
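The following is an added example, not code from the Yii2 MCP Server, that reproduces the pattern described in the Vulnerability and Reproduction sections and shows the fix: the vulnerable version builds one string and hands it to a shell, so 'migrate/status; id' runs two commands; the hardened version allowlists the Yii route, validates parameters and executes an argv list with no shell, so metacharacters reach the console script as literal text. It assumes the server shells out to the project's './yii' console script (replaced here by a stub that prints its arguments) and uses a hypothetical route allowlist ALLOWED_ROUTES; the payload uses 'echo INJECTED' in place of 'id' so the result is deterministic.

```python
import re
import shlex
import subprocess
import sys
from typing import Sequence

# Stand-in for the project's "./yii" console script (assumption: the real server
# shells out to it). It prints each argument it receives on its own line, so the
# output shows exactly how the shell, or the argv list, split the input.
YII_STUB = [sys.executable, "-c", 'import sys; print("\\n".join(sys.argv[1:]))']

# Hypothetical allowlist of console routes the MCP tool may run.
ALLOWED_ROUTES = frozenset({"help", "migrate/status"})
ROUTE_RE = re.compile(r"[a-z][a-z0-9-]*(/[a-z][a-z0-9-]*)?")
# A parameter is either a Yii-style option (--name or --name=value) or a plain
# value that does not start with "-", so the caller cannot smuggle in flags.
PARAM_RE = re.compile(r"(--[a-z][a-z0-9-]*(=[^\x00-\x1f]*)?|[^-\x00-\x1f][^\x00-\x1f]*)")


def vulnerable_run(user_args: str) -> str:
    """The bug pattern: concatenate user input into one string and run it via /bin/sh."""
    cmd = " ".join(shlex.quote(a) for a in YII_STUB) + " " + user_args
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def is_permitted(route: str, params: Sequence[str] = ()) -> bool:
    """Allowlist check: route must be a known Yii route, params must be well formed."""
    if not ROUTE_RE.fullmatch(route) or route not in ALLOWED_ROUTES:
        return False
    return all(PARAM_RE.fullmatch(p) for p in params)


def safe_argv(route: str, params: Sequence[str] = ()) -> list:
    """Validate the tool input and return an argv list; no shell is involved."""
    if not is_permitted(route, params):
        raise ValueError(f"tool input not permitted: {route!r} {list(params)!r}")
    return [*YII_STUB, route, *params]


def safe_run(route: str, params: Sequence[str] = ()) -> str:
    """Execute without a shell: ';', '|' and friends are passed through as literal text."""
    return subprocess.run(safe_argv(route, params), capture_output=True, text=True).stdout


if __name__ == "__main__":
    payload = "migrate/status; echo INJECTED"
    print(vulnerable_run(payload))  # second output line INJECTED: the shell ran it
    print("permitted:", is_permitted(payload))  # False: route fails the allowlist
    # Even a metacharacter-laden parameter is just one literal argument here.
    print(safe_run("migrate/status", ["x; echo INJECTED"]))
```

Note that switching to an argv list alone removes shell injection but not argument injection; that is why the parameter pattern refuses values beginning with '-' unless they match the option form.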

Remediation

ArtMin96 has been notified of this vulnerability but has not yet responded. Until a patch is available, users are advised to restrict network access to the MCP server to trusted clients only, run it under a low-privilege account, and disable the command-execution-oriented tools ('yii_command_help' and 'yii_execute_command'). A proper fix would validate the Yii route against an allowlist and pass arguments to the console script as an argument list rather than through a shell.

Added: May 2, 2026, 1:18 AM
Updated: May 2, 2026, 1:18 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 10.0
exploitability: 8.0
remediation: 0.0
relevance: 7.2
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.