2026-03-16 10:12:53
INCIBE
PUBLISHED
Non-relational SQL injection vulnerability (NoSQLi) in the Wakyma web application, specifically in the endpoint vets.wakyma.com/pets/print-tags. This vulnerability could allow an authenticated user to alter a POST request to the affected endpoint for the purpose of injecting NoSQL commands, allowing them to list both pets and owner names.