2 matches found
NoSQL injection in express-cart
Versions of express-cart before 1.1.8 are vulnerable to NoSQL injection. The vulnerability is caused by the lack of user input sanitization in the login handlers. In both cases, the customer login and the admin login, parameters from the JSON body are sent directly into the MongoDB query which...
SQL Injection
express-cart is vulnerable to SQL injection. A lack of user input sanitization in the login handlers allow attackers to inject MongoDB queries through the customer and admin login parameters. The vulnerability could be exploited to retrieve or modify arbitrary entries in the database...