2026-03-16 10:11:30
INCIBE
PUBLISHED
Non-relational SQL injection vulnerability (NoSQLi) in the Wakyma web application, specifically in the endpoint vets.wakyma.com/hospitalization/generate-hospitalization-summary. This vulnerability could allow an authenticated user to alter a POST request to the affected endpoint for the purpose of injecting special NoSQL commands, resulting in the attacker being able to obtain customer reports.