Non-relational SQL injection vulnerability (NoSQLi) in the Wakyma web application, specifically in the endpoint…
INCIBE·CWE-943·Published 2026-03-16
Non-relational SQL injection vulnerability (NoSQLi) in the Wakyma web application, specifically in the endpoint 'vets.wakyma.com/hospitalization/generate-hospitalization-summary'. This vulnerability could allow an authenticated user to alter a POST request to the affected endpoint for the purpose of injecting special NoSQL commands, resulting in the attacker being able to obtain customer reports.
Non-relational SQL injection vulnerability (NoSQLi) in the Wakyma web application, specifically in the endpoint 'vets.wakyma.com/hospitalization/generate-hospitalization-summary'. This vulnerability could allow an authenticated user to alter a POST request to the affected endpoint for the purpose of injecting special NoSQL commands, resulting in the attacker being able to obtain customer reports.
Vulnerabilidad de inyección SQL no relacional (NoSQLi) en la aplicación web Wakyma, específicamente en el endpoint 'vets.wakyma.com/hospitalization/generate-hospitalization-summary'. Esta vulnerabilidad podría permitir a un usuario autenticado alterar una solicitud POST al endpoint afectado con el propósito de inyectar comandos NoSQL especiales, lo que resultaría en que el atacante pueda obtener informes de clientes.
| Version | Type | Source | Base | Exp | Impact | Vector |
|---|---|---|---|---|---|---|
| 3.1 | Primary | NVD | 6.5 | 2.8 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| 4.0 | Primary | cve.org | 7.1 | — | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
| 4.0 | Secondary | NVD | 7.1 | — | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |