MongoDB Operator Injection

Severity: High

Invicti detected that the application is vulnerable to a MongoDB operator injection. MongoDB injections occur when applications don't sanitize user input, which is then interpreted by a MongoDB database.


Depending on the backend database version, an attacker can perform one of the following types of attacks successfully:

  • Reading, updating or deleting arbitrary data from the database
  • Collect sensitive information about the backend server configuration

To avoid this vulnerability;

  • Sanitize user-supplied input and strictly check its type
  • Use most recent version of MongoDB.

Search Vulnerability

Build your resistance to threats. And save hundreds of hours each month.

Get a demo See how it works