CVE-2026-3022 · CVEKit

cve.orgen

399 chars

Non-relational SQL injection vulnerability (NoSQLi) in the Wakyma web application, specifically in the endpoint 'vets.wakyma.com/hospitalization/generate-hospitalization-summary'. This vulnerability could allow an authenticated user to alter a POST request to the affected endpoint for the purpose of injecting special NoSQL commands, resulting in the attacker being able to obtain customer reports.

NVDen

399 chars

Non-relational SQL injection vulnerability (NoSQLi) in the Wakyma web application, specifically in the endpoint 'vets.wakyma.com/hospitalization/generate-hospitalization-summary'. This vulnerability could allow an authenticated user to alter a POST request to the affected endpoint for the purpose of injecting special NoSQL commands, resulting in the attacker being able to obtain customer reports.

NVDes

420 chars

Vulnerabilidad de inyección SQL no relacional (NoSQLi) en la aplicación web Wakyma, específicamente en el endpoint 'vets.wakyma.com/hospitalization/generate-hospitalization-summary'. Esta vulnerabilidad podría permitir a un usuario autenticado alterar una solicitud POST al endpoint afectado con el propósito de inyectar comandos NoSQL especiales, lo que resultaría en que el atacante pueda obtener informes de clientes.

CVSS metrics across sources

3

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	NVD	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
4.0	Primary	cve.org	7.1	—	—	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N