Invicti detected that the application is vulnerable to a MongoDB operator injection. MongoDB injections occur when applications don't sanitize user input, which is then interpreted by a MongoDB database.
Depending on the backend database version, an attacker can perform one of the following types of attacks successfully:
- Reading, updating or deleting arbitrary data from the database
- Collect sensitive information about the backend server configuration
To avoid this vulnerability;
- Sanitize user-supplied input and strictly check its type
- Use most recent version of MongoDB.