diff --git a/src/main/java/org/springframework/samples/petclinic/owner/MongoDBQueryHandler.java b/src/main/java/org/springframework/samples/petclinic/owner/MongoDBQueryHandler.java
new file mode 100644
index 000000000..ad24fb5b8
--- /dev/null
+++ b/src/main/java/org/springframework/samples/petclinic/owner/MongoDBQueryHandler.java
@@ -0,0 +1,44 @@
+package org.springframework.samples.petclinic.owner;
+
+import com.mongodb.MongoClient;
+import com.mongodb.client.MongoCollection;
+import com.mongodb.client.MongoDatabase;
+import org.bson.Document;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+public class MongoDBQueryHandler {
+
+ private static final String DB_URL = "localhost"; // Cambia esto según tu
+ // configuración
+
+ private static final int DB_PORT = 27017;
+
+ private static final String DB_NAME = "myDatabase";
+
+ public void handleRequest(HttpServletRequest req, HttpServletResponse res) throws IOException {
+ String user = req.getParameter("user");
+ String city = req.getParameter("city");
+
+ if (user == null || city == null) {
+ res.sendError(HttpServletResponse.SC_BAD_REQUEST, "Missing parameters");
+ return;
+ }
+
+ try (MongoClient mongoClient = new MongoClient(DB_URL, DB_PORT)) {
+ MongoDatabase database = mongoClient.getDatabase(DB_NAME);
+ MongoCollection collection = database.getCollection("users");
+
+ Document query = new Document("user", user).append("city", city);
+ for (Document doc : collection.find(query)) {
+ System.out.println(doc.toJson()); // Manejar la salida según sea necesario
+ }
+ }
+ catch (Exception e) {
+ res.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Database error");
+ }
+ }
+
+}
diff --git a/src/main/java/org/springframework/samples/petclinic/owner/issue.java b/src/main/java/org/springframework/samples/petclinic/owner/issue.java
deleted file mode 100644
index c926f669d..000000000
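Review bot: The loop body `System.out.println(doc.toJson())` writes every matching document from the `users` collection, with all of its fields, to stdout, so whatever those records hold (credentials, contact data — the schema is not visible here) lands in process logs rather than in the response; if this is a placeholder, restrict it to the fields the caller needs, e.g. `System.out.println(doc.get("user"))`, before it ships. The `catch (Exception e)` block discards `e` entirely before replying "Database error", which makes a failing query undiagnosable; attach the exception to a log call (`log.error("users query failed", e);`) ahead of `sendError`. Building the filter with `new Document("user", user).append("city", city)` binds both request parameters as BSON strings, which is the right shape to avoid operator injection — worth a one-line comment so a later edit does not swap it for `Document.parse` on user input. Constructing `new MongoClient(DB_URL, DB_PORT)` inside the request handler creates and tears down a connection pool per call; the client is intended to be a long-lived shared instance. `MongoCollection collection` is a raw type — `MongoCollection<Document> collection = database.getCollection("users");` matches the `Document` loop variable.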
--- a/src/main/java/org/springframework/samples/petclinic/owner/issue.java
+++ /dev/null
@@ -1,42 +0,0 @@
-package org.springframework.samples.petclinic.owner;
-
-import java.sql.Connection;
-import java.sql.ResultSet;
-import java.sql.SQLException;
-import java.sql.Statement;
-
-public class issue {
-
- // Ejemplo de método vulnerable que usa datos de usuario directamente en la consulta
- // SQL
- public ResultSet insecureLogin(Connection connection, String username, String password) throws SQLException {
- String query = "SELECT * FROM users WHERE username = '" + username + "' AND password = '" + password + "'";
- Statement stmt = connection.createStatement();
- return stmt.executeQuery(query); // SonarQube marcará esto como Blocker
- }
-
- // Método que expone la vulnerabilidad usando parámetros de request simulados
- public ResultSet searchUsers(Connection connection, String searchTerm) throws SQLException {
- String query = "SELECT * FROM users WHERE name = '" + searchTerm + "'";
- Statement stmt = connection.createStatement();
- return stmt.executeQuery(query); // Vulnerabilidad SQL Injection
- }
-
- // Uso peligroso con concatenación directa
- public static void main(String[] args) {
- try {
- // Simulación de datos controlados por el usuario
- String userInput = "admin' OR '1'='1";
- String passInput = "fake' OR 'x'='x";
-
- issue example = new issue();
- ResultSet rs = example.insecureLogin(null, userInput, passInput);
-
- // ... procesar resultados
- }
- catch (SQLException e) {
- e.printStackTrace();
- }
- }
-
-}
\ No newline at end of file