Description
The client in MongoDB uses world-readable permissions on .dbshell history files, which might allow local users to obtain sensitive information by reading these files.
Remediation
References
Related Vulnerabilities
WordPress Plugin Popup by Supsystic Cross-Site Request Forgery (1.7.8)
WordPress Plugin N-Media Website Contact Form with File Upload Arbitrary File Upload (2.1)
Jetty Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2021-28163)
WordPress Plugin Secure File Manager Arbitrary File Upload (2.9.3)