GHSA-4J28-22QP-RJCF sqlite-mcp has an Injection issue

A security flaw has been discovered in dubydu sqlite-mcp up to 0.1.0. The affected element is the function extracttojson of the file src/entry.py. Performing a manipulation of the argument outputfilename results in sql injection. Remote exploitation of the attack is possible. The exploit has been...

SQL Injection

Overview sqlite-mcp is an A lightweight Model Context Protocol server for allowing LLMs to autonomously interact with SQLite database. Affected versions of this package are vulnerable to SQL Injection via the extracttojson function. An attacker can execute arbitrary SQL commands by manipulating t...

CVE-2026-7206

A security flaw has been discovered in dubydu sqlite-mcp up to 0.1.0. The affected element is the function extracttojson of the file src/entry.py. Performing a manipulation of the argument outputfilename results in sql injection. Remote exploitation of the attack is possible. The exploit has been...

EUVD-2026-25963

A security flaw has been discovered in dubydu sqlite-mcp up to 0.1.0. The affected element is the function extracttojson of the file src/entry.py. Performing a manipulation of the argument outputfilename results in sql injection. Remote exploitation of the attack is possible. The exploit has been...

CVE-2026-7206 dubydu sqlite-mcp entry.py extract_to_json sql injection

A security flaw has been discovered in dubydu sqlite-mcp up to 0.1.0. The affected element is the function extracttojson of the file src/entry.py. Performing a manipulation of the argument outputfilename results in sql injection. Remote exploitation of the attack is possible. The exploit has been...

CVE-2026-7206 dubydu sqlite-mcp entry.py extract_to_json sql injection

A security flaw has been discovered in dubydu sqlite-mcp up to 0.1.0. The affected element is the function extracttojson of the file src/entry.py. Performing a manipulation of the argument outputfilename results in sql injection. Remote exploitation of the attack is possible. The exploit has been...

CVE-2026-7206

CVE-2026-7206 affects the project dubydu sqlite-mcp up to version 0.1.0. The vulnerability is in the function extract_to_json (file src/entry.py). Malicious manipulation of the output_filename argument enables a SQL injection vulnerability. Remote exploitation is possible and the exploit has been...

PT-2026-35575

A security flaw has been discovered in dubydu sqlite-mcp up to 0.1.0. The affected element is the function extract to json of the file src/entry.py. Performing a manipulation of the argument output filename results in sql injection. Remote exploitation of the attack is possible. The exploit has...

SQLite MCP Server 注入漏洞

SQLite MCP Server is a lightweight tool developed by Doo Bui, an individual developer, that allows large models to operate SQLite databases autonomously. Versions of SQLite MCP Server 0.1.0 and earlier contained a vulnerability due to incorrect handling of the outputfilename parameter in the...