漏洞描述
mongo-express的某些特定版本中存在远程代码执行漏洞。该漏洞是由于checkValid接口对用户输入数据缺乏有效的过滤导致的。
mongo-express CVE-2019-10758 远程代码执行漏洞
PoC代码
暂无相关漏洞推荐
- POC CVE-2019-10758: mongo-express Remote Code Execution
- POC CVE-2020-24391: Mongo-Express - Remote Code Execution
- POC CVE-2021-32820: Express-handlebars - Local File Inclusion
- POC CVE-2022-24627: AudioCodes Device Manager Express - SQL Injection
- POC CVE-2024-2876: Wordpress Email Subscribers by Icegram Express - SQL Injection
- POC CVE-2024-4295: Email Subscribers by Icegram Express <= 5.7.20 - Unauthenticated SQL Injection via Hash
- POC CVE-2019-10758: Mongo-Express Remote Code Execution
- POC ec2-unrestricted-mongodb: Unrestricted MongoDB Access in EC2
- POC azure-nsg-mongodb-unrestricted: Unrestricted MongoDB Access in Azure NSGs
- POC rockmongo-default-password: Rockmongo Default Password
- POC spring-expression-oob: Spring Expression Language - Out of Band Template Injection
- POC aliexpress-acs-csp-bypass: Content-Security-Policy Bypass - AliExpress ACS
- POC file-mongodb-audit-log-disabled: MongoDB Audit Logging Disabled