Invicti detected that the application is vulnerable to a MongoDB operator injection. MongoDB injections occur when applications don't sanitize user input, which is then interpreted by a MongoDB database.

Depending on the backend database version, an attacker can perform one of the following types of attacks successfully:

• Reading, updating or deleting arbitrary data from the database
• Collect sensitive information about the backend server configuration

To avoid this vulnerability;

• Sanitize user-supplied input and strictly check its type
• Use most recent version of MongoDB.