Security Test: NoSQL Injection via Frontend

Description

Default Severity:

NoSQL injection occurs when an attacker supplies crafted input that alters the structure of a database query in ways the application did not intend. If the application builds queries directly from unsanitized input, the attacker can make it disclose or modify sensitive data, disrupt the service, or gain full control over the database. Developers often assume NoSQL queries are safe simply because they are not SQL, so failing to validate or filter input properly leads to serious security risk.
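The following is an added example, not code from this page or from the scanner it documents. It shows the frontend-side mistake the check looks for: a parsed JSON body copied straight into a MongoDB-style filter, beside a hardened builder that only accepts plain strings. The user records and the tiny in-memory matcher are constructed for illustration and support only the equality and $ne operators needed here.

```javascript
// Constructed sample collection standing in for a users table.
const users = [
  { username: "alice", password: "hunter2" },
  { username: "bob", password: "s3cret" },
];

// Minimal stand-in for a MongoDB-style find(): equality by default, plus the
// $ne operator. Enough to show how an operator object changes query meaning.
function matches(doc, filter) {
  return Object.entries(filter).every(([field, cond]) => {
    if (cond !== null && typeof cond === "object") {
      if ("$ne" in cond) return doc[field] !== cond.$ne;
      return false; // unsupported operator: fail closed, no match
    }
    return doc[field] === cond;
  });
}

// Vulnerable: the request body is copied straight into the query. Nothing
// forces username/password to be strings, so a JSON object in either field is
// interpreted by the database as a query operator rather than a value.
function loginFilterUnsafe(body) {
  return { username: body.username, password: body.password };
}

// Hardened: accept only primitive strings and reject everything else before a
// query is built. Returning null lets the caller fail closed.
function loginFilterSafe(body) {
  const { username, password } = body;
  if (typeof username !== "string" || typeof password !== "string") return null;
  return { username, password };
}

// Runs a filter against the sample collection; a rejected filter returns nothing.
function findUsers(filter) {
  return filter === null ? [] : users.filter((u) => matches(u, filter));
}

// A legitimate login request: both builders produce the same single match.
const goodRequest = { username: "alice", password: "hunter2" };
// A tampered request: an operator object where a string was expected. The
// unsafe builder lets it match without the real password; the safe one rejects it.
const badRequest = { username: "alice", password: { $ne: "" } };
```

The detection rule a reviewer wants is the one in loginFilterSafe: type-check every value that reaches a query, because the database driver will not do it for you.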

Reference:

Configuration

Identifier: frontend_injection/nosql

Examples

All configuration available:

checks:
  frontend_injection/nosql:
    skip: false # default

Compliance and Standards

Standard            Value
OWASP API Top 10    API9:2023
OWASP LLM Top 10    LLM06:2023
PCI DSS             6.5.1
GDPR                Article-32
SOC2                CC1
PSD2                Article-95
ISO 27001           A.14.2
NIST                SP800-53
FedRAMP             AC-6
CWE                 943
CVSS Vector         CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C
CVSS Score          9.4