漏洞描述
MongoDB是美国MongoDB公司的一套开源的NoSQL数据库。该数据库提供面向集合的存储、动态查询、数据复制及自动故障转移等功能。 MongoDB 2.4.0至2.4.4版本中的scripting/engine_v8.h文件中的find属性中存在拒绝服务漏洞。远程经过授权的攻击者可借助无效的RefDB对象利用该漏洞造成拒绝服务(未初始化指针引用和服务器崩溃)或可能执行任意代码。
MongoDB ‘conn’Mongo 对象远程代码执行漏洞
PoC代码
暂无相关漏洞推荐
- POC CVE-2024-53900: Mongoose < 8.8.3 - Remote Code Execution
- POC CVE-2020-24391: Mongo-Express - Remote Code Execution
- POC CVE-2025-23061: Mongoose - NoSQL Injection
- POC CVE-2019-10758: Mongo-Express Remote Code Execution
- POC ec2-unrestricted-mongodb: Unrestricted MongoDB Access in EC2
- POC azure-nsg-mongodb-unrestricted: Unrestricted MongoDB Access in Azure NSGs
- POC file-mongodb-audit-log-disabled: MongoDB Audit Logging Disabled
- POC file-mongodb-auth-disabled: MongoDB Authentication Disabled
- POC file-mongodb-http-interface-enabled: MongoDB HTTP Interface Enabled
- POC file-mongodb-ssl-disabled: MongoDB SSL Disabled
- POC robomongo-credential: RoboMongo Credential - Exposure
- POC mongod-exposure: MongoD Server - Exposure
- POC mongodb-exporter-metrics: MongoDB Exporter - Detect