
mysql-mcp

by neverinfamous

Overview

Provides an MCP (Model Context Protocol) server for MySQL, enabling AI agents to programmatically interact with and manage MySQL databases.

Installation

Run Command
npx @neverinfamous/mysql-mcp --transport stdio --mysql mysql://user:password@localhost:3306/database

Environment Variables

  • MYSQL_MCP_TOOL_FILTER
  • TOOL_FILTER
  • MYSQL_HOST
  • MYSQL_PORT
  • MYSQL_USER
  • MYSQL_PASSWORD
  • MYSQL_DATABASE
  • MYSQL_XPORT
  • MYSQL_POOL_SIZE
  • LOG_LEVEL
  • METADATA_CACHE_TTL_MS
  • PROXYSQL_HOST
  • PROXYSQL_PORT
  • PROXYSQL_USER
  • PROXYSQL_PASSWORD
  • MYSQL_ROUTER_URL
  • MYSQL_ROUTER_USER
  • MYSQL_ROUTER_PASSWORD
  • MYSQL_ROUTER_INSECURE
  • MYSQL_ROUTER_API_VERSION
  • MYSQLSH_PATH
  • MYSQLSH_TIMEOUT
  • MYSQLSH_WORK_DIR

Security Notes

1. Arbitrary Code Execution (CRITICAL): The `mysqlsh_run_script` tool allows direct execution of user-provided JavaScript, Python, or SQL code via the `mysqlsh` subprocess. This is a severe vulnerability: any client (an AI agent, or a malicious actor if the server is unauthenticated or unauthorized) can execute arbitrary commands on the host system.

2. Insecure TLS Connection Option: The MySQL Router tools (`mysql_router_status` etc.) support `MYSQL_ROUTER_INSECURE=true`, which disables TLS certificate verification. Even though the documentation presents it as a development-only setting, using it in production creates a significant risk of man-in-the-middle attacks.

3. Hardcoded Default Credentials: The ProxySQL tools fall back to the hardcoded default credentials ('admin', 'admin') when the `PROXYSQL_USER` and `PROXYSQL_PASSWORD` environment variables are not explicitly set, a common misconfiguration risk.

4. `local_infile` Vulnerability: The `mysqlsh_import_table` and `mysqlsh_load_dump` tools can run `SET GLOBAL local_infile = ON`. Although this requires high privileges, the setting could be exploited for data exfiltration or arbitrary file reads if a malicious file path is supplied and the MySQL server is compromised.

5. SQL Injection Protection: The project generally follows good practices such as parameterized queries, and includes `validateQuery` for detecting dangerous SQL patterns and enforcing read-only modes. Identifier escaping is also implemented. However, the direct `rawQuery` calls used for `SHOW` commands, although validated, present a slightly larger attack surface.

Stats

Interest Score: 35
Security Score: 2
Cost Class: Medium
Avg Tokens: 10000
Stars: 3
Forks: 1
Last Update: 2026-01-19

Tags

MCP Server, MySQL, AI, Database Management, Developer Tool