MongoDB Operator Injection

Severity:

High

Summary

Invicti detected that the application is vulnerable to a MongoDB operator injection. MongoDB injections occur when applications don't sanitize user input, which is then interpreted by a MongoDB database.

Impact

Depending on the backend database version, an attacker can perform one of the following types of attacks successfully:

Reading, updating or deleting arbitrary data from the database
Collect sensitive information about the backend server configuration

Remediation

To avoid this vulnerability;

Sanitize user-supplied input and strictly check its type
Use most recent version of MongoDB.

Required Skills for Successful Exploitation

Actions To Take

Classifications

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

Vulnerability Index

You can search and find all vulnerabilities

Select Category

Select Vulnerability

Related Vulnerabilities

Out of Band SQL Injection

Progress MOVEit Transfer SQL Injection

Code Execution via SSTI

Blind Command Injection

Frame Injection

MongoDB Operator Injection

Vulnerability Index

Select Category

Select Vulnerability

Select Vulnerability

Featured resources

Build your resistance to threats. And save hundreds of hours each month.