漏洞描述
mongo-express是一款用于交互式管理MongoDB数据库的、基于Web的轻量级管理界面。mongo-express0.54.0之前版本中存在安全漏洞。攻击者可借助使用toBSON方法的端点利用该漏洞执行代码。
MongoDB mongo-express远程代码执行漏洞(CVE-2019-10758)
PoC代码
暂无相关漏洞推荐
- POC MongoDB 存在未授权内存泄露漏洞(CVE-2025-14847)
- MongoDB Zlib 信息泄露漏洞(CVE-2025-14847)
- MongoDB Zlib 压缩协议远程未授权堆内存泄露漏洞(CVE-2025-14847)
- POC CVE-2019-10758: mongo-express Remote Code Execution
- POC CVE-2020-24391: Mongo-Express - Remote Code Execution
- POC CVE-2021-32820: Express-handlebars - Local File Inclusion
- POC CVE-2022-24627: AudioCodes Device Manager Express - SQL Injection
- POC CVE-2024-2876: Wordpress Email Subscribers by Icegram Express - SQL Injection
- POC CVE-2024-4295: Email Subscribers by Icegram Express <= 5.7.20 - Unauthenticated SQL Injection via Hash
- POC CVE-2019-10758: Mongo-Express Remote Code Execution
- POC ec2-unrestricted-mongodb: Unrestricted MongoDB Access in EC2
- POC azure-nsg-mongodb-unrestricted: Unrestricted MongoDB Access in Azure NSGs
- POC rockmongo-default-password: Rockmongo Default Password