File: 34.md

package info (click to toggle)
python-vulndb 0.1.3-2
  • links: PTS, VCS
  • area: main
  • in suites: bookworm, bullseye
  • size: 1,020 kB
  • sloc: python: 447; sh: 196; makefile: 2
file content (13 lines) | stat: -rw-r--r-- 612 bytes parent folder | download | duplicates (3) 
1
2
3
4
5
6
7
8
9
10
11
12
13
 
A NoSQL injection occurs when a value originating from the client's
request is used within a NoSQL call without prior sanitisation.

This
can allow cyber-criminals to execute arbitrary NoSQL code and thus
steal data, or use the additional functionality of the database server
to take control of further server components.

The tool discovered that
the affected page and parameter are vulnerable. This injection was
detected as the tool was able to inject specific NoSQL queries that if
vulnerable result in the responses for each injection being different.
This is known as a blind NoSQL injection vulnerability.