
db-mcp

by ShootaOT

Overview

Run a SQLite Model Context Protocol (MCP) server that gates access with OAuth 2.0, supports tool filtering, and lets you choose between a WASM or a native SQLite backend for managing databases.

Installation

Run Command
db-mcp --transport http --port 3000 --sqlite ./data.db

Environment Variables

  • DB_MCP_TOOL_FILTER
  • TOOL_FILTER
  • DATABASE_URI
  • SQLITE_DATABASE
  • SQLITE_PATH
  • POSTGRES_URI
  • POSTGRESQL_URI
  • MYSQL_URI
  • MONGODB_URI
  • MONGO_URI
  • REDIS_URI
  • LOG_LEVEL
  • KEYCLOAK_URL
  • KEYCLOAK_REALM
  • KEYCLOAK_CLIENT_ID
  • KEYCLOAK_CLIENT_SECRET

Security Notes

The server has critical SQL injection vulnerabilities. Numerous tools, including `sqlite_vector_search`, `sqlite_text_split`, `sqlite_json_extract`, `sqlite_stats_basic`, and many others, accept user-provided SQL fragments such as `whereClause` or `orderBy` as plain strings and concatenate them directly into the SQL that is executed against the database, with no escaping and no parameterization. An attacker who can supply tool arguments can therefore inject arbitrary SQL, leading to data exfiltration, modification, deletion, or full database compromise. A `validateQuery` method exists, but it performs only basic pattern matching and is not sufficient to prevent SQL injection: a fragment that avoids the matched patterns is still spliced verbatim into the query. The `no-console` ESLint rule is appropriate for MCP's stdio transport (stray writes to stdout would corrupt the JSON-RPC stream), and the OAuth implementation uses the `jose` library correctly, but neither mitigates the core SQL injection risk.
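The following is an added example, not code from db-mcp, showing why the pattern described above is exploitable and one way to build the same query safely. The table and column names, the `naiveValidate` blocklist standing in for a pattern-matching `validateQuery`, and the injected fragment are all constructed for illustration; only the query text is built here, nothing is executed against a database.

```javascript
// Added example (not db-mcp's code). Identifiers, the blocklist regex and the
// injected fragment below are hypothetical / constructed for illustration.

// Stand-in for a pattern-matching validator: a keyword blocklist. It never sees
// UNION or SELECT, so a read-only exfiltration fragment passes straight through.
const BLOCKED = /\b(drop|delete|insert|update|alter)\b/i;
function naiveValidate(fragment) {
  return !BLOCKED.test(fragment);
}

// VULNERABLE: `whereClause` and `orderBy` are spliced into the statement text.
function buildStatsQueryUnsafe(table, whereClause, orderBy) {
  if (!naiveValidate(whereClause) || !naiveValidate(orderBy)) {
    throw new Error("rejected by blocklist");
  }
  let sql = `SELECT COUNT(*) AS n, AVG(score) AS avg_score FROM ${table}`;
  if (whereClause) sql += ` WHERE ${whereClause}`;
  if (orderBy) sql += ` ORDER BY ${orderBy}`;
  return sql;
}

// HARDENED: identifiers must come from an allow-list and are quoted, operators
// are restricted to a fixed set, and every value travels as a bound parameter.
const TABLES = new Set(["documents", "events"]);
const COLUMNS = new Set(["id", "score", "category", "created_at"]);
const OPS = new Set(["=", "<", ">", "<=", ">="]);

function ident(name, allowed) {
  if (!allowed.has(name)) throw new Error(`identifier not in allow-list: ${name}`);
  return `"${name}"`;
}

// filters: [{ column, op, value }], order: { column, dir } | null
// Returns { sql, params } for a driver's prepared-statement API.
function buildStatsQuerySafe(table, filters = [], order = null) {
  const params = [];
  let sql = `SELECT COUNT(*) AS n, AVG("score") AS avg_score FROM ${ident(table, TABLES)}`;
  const where = filters.map(({ column, op, value }) => {
    if (!OPS.has(op)) throw new Error(`unsupported operator: ${op}`);
    if (typeof value !== "number" && typeof value !== "string" && value !== null) {
      throw new Error("filter value must be a number, string or null");
    }
    params.push(value);
    return `${ident(column, COLUMNS)} ${op} ?`;
  });
  if (where.length) sql += ` WHERE ${where.join(" AND ")}`;
  if (order) {
    const dir = order.dir === "desc" ? "DESC" : "ASC";
    sql += ` ORDER BY ${ident(order.column, COLUMNS)} ${dir}`;
  }
  return { sql, params };
}

// Constructed attacker input: passes the blocklist, reads the schema via UNION.
const INJECTED_WHERE =
  "1=1 UNION SELECT sqlite_version(), group_concat(sql) FROM sqlite_master --";

function demo() {
  const unsafe = buildStatsQueryUnsafe("documents", INJECTED_WHERE, "id");
  const safe = buildStatsQuerySafe(
    "documents",
    [{ column: "category", op: "=", value: "invoice" },
     { column: "score", op: ">=", value: 0.5 }],
    { column: "created_at", dir: "desc" },
  );
  let rejected = null;
  try {
    buildStatsQuerySafe("documents", [], { column: "id; DROP TABLE documents", dir: "asc" });
  } catch (e) {
    rejected = e.message;
  }
  return { unsafe, safe, rejected };
}

process.stdout.write(JSON.stringify(demo(), null, 2) + "\n");
```

The safe builder changes the tool's contract: instead of accepting SQL text, it accepts structured filter and ordering objects, so there is no string position at which attacker-controlled SQL can enter. If a tool genuinely needs free-form SQL, the fix is to parse it, not to blocklist keywords.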

Stats

Interest Score: 0
Security Score: 1
Cost Class: Medium
Avg Tokens: 500
Stars: 0
Forks: 0
Last Update: 2026-01-19

Tags

mcp, sqlite, oauth2.0, database-management, tool-filtering