If you are using PHP, yes, you may suffer with SQL Injection, however, the format that is used to write data in MongoDB (BSON) is a format where your query is interpreted as an object and not as a string, so it is free of SQL Injection.
Some other policies can be taken to make a SQL Injection possible as:
1) Put in the configuration file on the server side the "security.javascriptEnabled" directive
2) Use with caution the "$ where" "db.eval ()" "mapReduce" and "group" commands as they allow arbitrary javascript to be run
3) Escape the reserved operators "$" and "."
4) If you use PHP together with Mongo, you can look at this link with several security tips link
Reference in link
I hope I have helped.