NoSQL Injection
high nosql-injection
Attacker manipulates NoSQL queries through unsanitized input to access or modify data
Tampering, Information Disclosure
MITRE ATT&CK techniques
| ID | Name | Tactic |
|---|---|---|
| T1190 | Exploit Public-Facing Application | Initial Access |
Common Weakness Enumeration
Mitigating controls
ctrl-nosql-1 - Validate and sanitize all user inputs
ctrl-nosql-2 - Use parameterized queries where supported
ctrl-nosql-3 - Implement schema validation
ctrl-nosql-4 - Apply principle of least privilege for database access