cve/2013/CVE-2013-4650.md

CVE-2013-4650

Description

MongoDB 2.4.x before 2.4.5 and 2.5.x before 2.5.1 allows remote authenticated users to obtain internal system privileges by leveraging a username of __system in an arbitrary database.

POC

Reference

No PoCs from references.

Github

• https://github.com/Ch4p34uN0iR/mongoaudit
• https://github.com/gold1029/mongoaudit
• https://github.com/stampery/mongoaudit