MongoDB CVE-2013-1892 Remote Code Injection Vulnerability
BID:58695
Info
| Bugtraq ID: | 58695 |
| Class: | Input Validation Error |
| CVE: | CVE-2013-1892 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 24 2013 12:00AM |
| Updated: | Apr 13 2015 08:36PM |
| Credit: | SCRT Sec Team |
| Vulnerable: | |
| Not Vulnerable: | |
Discussion
MongoDB is prone to a remote code-injection vulnerability because it fails to properly sanitize user-supplied input.
An attacker can exploit this vulnerability to inject and execute arbitrary code within the context of the affected application.
MongoDB 2.4.1 and prior are vulnerable.
Exploit / POC
Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.
A Metasploit exploit module is available:
Solution / Fix
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
References:
- mongodb - SSJI to RCE (SCRT)
- MongoDB Home Page (10gen)