MongoDB Operator Injection

Severity:

High

Summary

Invicti detected that the application is vulnerable to a MongoDB operator injection. MongoDB injections occur when applications don't sanitize user input, which is then interpreted by a MongoDB database.

Impact

Depending on the backend database version, an attacker can perform one of the following types of attacks successfully:

Reading, updating or deleting arbitrary data from the database
Collect sensitive information about the backend server configuration

Remediation

To avoid this vulnerability;

Sanitize user-supplied input and strictly check its type
Use most recent version of MongoDB.

Required Skills for Successful Exploitation

Actions To Take

Classifications

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

Vulnerability Index

You can search and find all vulnerabilities

Select Category

Select Vulnerability

Related Vulnerabilities

HTTP Parameter Pollution

Code Evaluation (Apache Struts) S2-046

Code Evaluation (Apache Struts S02-53)

Code Execution via Local File Inclusion

Out of Band Code Execution via SSTI (Node.js Marko)

MongoDB Operator Injection

Vulnerability Index

Select Category

Select Vulnerability

Featured resources

Build your resistance to threats. And save hundreds of hours each month.