Security Test: NoSQL Injection via Frontend¶
Description¶
Default Severity:
NoSQL injection occurs when attacker-controlled input is embedded into a database query in a way that changes the structure of the query rather than just a value in it. If the application builds the query directly from unsanitized input (for example, passing a JSON object from a request body straight into a MongoDB filter, where keys such as `$ne`, `$gt` or `$regex` are interpreted as query operators instead of data), an attacker can read or modify data they should not reach, bypass authentication checks, disrupt the service, or in the worst case gain full control over the database. Developers often assume NoSQL queries are safe simply because they are not SQL; without strict validation and type checking of every input that reaches a query, the risk is comparable.
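The operator-injection pattern described above, as an added example that is not part of this page or of the scanner: a login check whose MongoDB-style filter is built from the parsed JSON body. Because a real database is not available here, the block includes a small in-memory evaluator for three MongoDB operators (`$ne`, `$gt`, `$regex`), which is an assumption standing in for the driver; the `users` collection and the request bodies are constructed for the demonstration.

```javascript
// Added example (not the page's or scanner's code). A tiny evaluator for a
// subset of MongoDB query operators, used to show how operator injection
// bypasses a login check and how type validation prevents it.

// Constructed sample "collection".
const users = [
  { username: "alice", password: "correct horse battery staple", role: "admin" },
  { username: "bob",   password: "hunter2",                      role: "user"  },
];

// Evaluate one field condition the way MongoDB would for a few operators:
// a plain value means equality, an object with $-prefixed keys is an
// operator expression. This stands in for the database driver.
function matchesCondition(actual, cond) {
  if (cond !== null && typeof cond === "object" && !Array.isArray(cond)) {
    return Object.entries(cond).every(([op, arg]) => {
      switch (op) {
        case "$ne":    return actual !== arg;
        case "$gt":    return actual > arg;
        case "$regex": return typeof actual === "string" && new RegExp(arg).test(actual);
        default:       throw new Error(`unsupported operator ${op}`);
      }
    });
  }
  return actual === cond;
}

// findOne(): first document whose fields all satisfy the filter, else null.
function findOne(collection, query) {
  const hit = collection.find(doc =>
    Object.entries(query).every(([field, cond]) => matchesCondition(doc[field], cond))
  );
  return hit === undefined ? null : hit;
}

// Vulnerable pattern: the parsed JSON body goes straight into the filter.
// With express.json()/body-parser, body.password may be an object, and the
// driver then treats its $-keys as operators rather than as a password.
function loginVulnerable(body) {
  return findOne(users, { username: body.username, password: body.password });
}

// Hardened: only plain strings may reach the query, so an object carrying
// operator keys is rejected before it can change the query's meaning.
function loginHardened(body) {
  const { username, password } = body;
  if (typeof username !== "string" || typeof password !== "string") {
    return null; // a real handler would respond 400 Bad Request here
  }
  return findOne(users, { username, password });
}

// Constructed request bodies.
const legitBody     = { username: "alice", password: "correct horse battery staple" };
const wrongPassword = { username: "alice", password: "wrong" };
const injectedBody  = { username: "alice", password: { $ne: "" } };
const enumerateBody = { username: { $regex: "^a" }, password: { $ne: "" } };

const v = loginVulnerable(injectedBody);
console.log("vulnerable, injected:", v && v.username);   // alice, no password needed
console.log("hardened, injected:", loginHardened(injectedBody)); // null
```

The `enumerateBody` case shows why the fix has to cover every field, not just the password: a `$regex` in the username field lets an attacker enumerate accounts letter by letter even when the password field is handled correctly. Rejecting non-string values is the simplest effective check for fields that are meant to be scalars; stripping `$`-prefixed keys is an alternative when nested objects are legitimately accepted.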
Reference:
Configuration¶
Identifier:
frontend_injection/nosql
Examples¶
All available configuration options:
Compliance and Standards¶
Standard | Value |
---|---|
OWASP API Top 10 | API9:2023 |
OWASP LLM Top 10 | LLM06:2023 |
PCI DSS | 6.5.1 |
GDPR | Article-32 |
SOC2 | CC1 |
PSD2 | Article-95 |
ISO 27001 | A.14.2 |
NIST | SP800-53 |
FedRAMP | AC-6 |
CWE | 943 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C |
CVSS Score | 9.4 |