Version: 3.5.1
Description
Unauthenticated GraphQL Database Query refers to a vulnerability in which unauthorized individuals can execute queries against a GraphQL database without proper authentication. Anyone can access and manipulate sensitive data stored in the database without providing valid credentials.
Proof of Concept
Step 1: Go to /graphql/ and submit a GraphQL database query payload without authentication.
Impact
The impact of an unauthenticated GraphQL database query includes unauthorized access to sensitive data, data manipulation or deletion, compromised data integrity, system unavailability, and damage to an organization's reputation.
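One way to close the gap described above, as an added example that is not code from the affected project: a WSGI middleware that refuses any request to the GraphQL path unless it carries a valid bearer token, so the query never reaches the executor. The WSGI stack, the names `GraphQLAuthGate`, `token_is_valid`, `graphql_app` and `call`, and the in-memory `VALID_TOKENS` store are assumptions made for illustration.

```python
import hmac
import json

# Constructed sample token store; a real deployment would validate a session or JWT.
VALID_TOKENS = {"constructed-sample-token"}


def token_is_valid(header_value):
    """Return True only for 'Bearer <token>' where the token is a known one."""
    scheme, _, token = (header_value or "").partition(" ")
    if scheme.lower() != "bearer" or not token:
        return False
    # compare_digest avoids leaking the match position through timing.
    return any(hmac.compare_digest(token.encode(), t.encode()) for t in VALID_TOKENS)


class GraphQLAuthGate:
    """WSGI middleware: deny unauthenticated requests to the GraphQL path."""

    def __init__(self, app, protected_prefix="/graphql"):
        self.app = app
        self.prefix = protected_prefix

    def __call__(self, environ, start_response):
        path = environ.get("PATH_INFO", "")
        if path == self.prefix or path.startswith(self.prefix + "/"):
            if not token_is_valid(environ.get("HTTP_AUTHORIZATION")):
                body = json.dumps({"errors": [{"message": "authentication required"}]}).encode()
                start_response("401 Unauthorized", [
                    ("Content-Type", "application/json"),
                    ("WWW-Authenticate", "Bearer"),
                    ("Content-Length", str(len(body))),
                ])
                return [body]  # the query is never handed to the executor
        return self.app(environ, start_response)


def graphql_app(environ, start_response):
    """Hypothetical stand-in for the real GraphQL executor."""
    start_response("200 OK", [("Content-Type", "application/json")])
    return [b'{"data": {"ok": true}}']


def call(app, path, auth=None):
    """Drive a WSGI app once and return (status, parsed JSON body)."""
    environ = {"PATH_INFO": path, "REQUEST_METHOD": "POST"}
    if auth:
        environ["HTTP_AUTHORIZATION"] = auth
    seen = {}
    chunks = app(environ, lambda status, headers: seen.update(status=status))
    return seen["status"], json.loads(b"".join(chunks))
```

The same `call` helper works as a regression check: an unauthenticated POST to `/graphql/` must come back `401 Unauthorized`, never `200 OK`.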