Description

MongoDB 2.4.x before 2.4.5 and 2.5.x before 2.5.1 allows remote authenticated users to obtain internal system privileges by leveraging a username of __system in an arbitrary database.

Remediation

References

CVE-2013-4650

Related Vulnerabilities

WordPress Plugin Responsive Clients Logo Gallery for WordPress-Smart Logo Showcase Lite includes Backdoor [Only if downloaded via the vendor website] (1.1.7)

PHP Other Vulnerability (CVE-2006-4481)

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-1502)

MyBB Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-9241)

Nginx Uncontrolled Resource Consumption Vulnerability (CVE-2018-16844)

Severity

Medium

Classification

CVE-2013-4650 CWE-264

Tags

Missing Update Known Vulnerabilities