The vulnerability affects MongoDB Server versions prior to 5.0.27, 6.0.16, 7.0.12, and 7.3.3, MongoDB C Driver versions before 1.26.2, and PHP Driver versions prior to 1.18.1. The flaw is specific to Windows environments and allows attackers to cause arbitrary behavior, which can lead to unauthorized control of affected systems. Exploitation requires low privileges and user interaction, and the flaw poses a significant risk to confidentiality, integrity, and availability.
Organizations using these MongoDB versions should prioritize updating to the latest patched versions to prevent exploitation. The updates address the vulnerability by properly validating files from untrusted directories.
Given the risks associated with this flaw, immediate action is recommended to secure systems against potential attacks.
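To find which installs need the update, the version thresholds above can be applied to an asset inventory. The following is an added example, not code from MongoDB or from the original article; the inventory format, host names, product labels and verdict names are constructed for illustration. It assumes server versions are compared within their own major.minor release line, and that release lines the article does not list are flagged for manual review.

```python
import re

# Fixed releases exactly as listed in the advisory text above.
FIXED = {
    "server": [(5, 0, 27), (6, 0, 16), (7, 0, 12), (7, 3, 3)],
    "c-driver": [(1, 26, 2)],
    "php-driver": [(1, 18, 1)],
}

def parse_version(text):
    """Return ((major, minor, patch), is_prerelease) or None if unparseable."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)(-[\w.]+)?", text.strip())
    if not m:
        return None
    return tuple(int(p) for p in m.group(1, 2, 3)), m.group(4) is not None

def triage(product, version, os_name):
    """Classify one install: update / patched / review / not-applicable / unparsed."""
    parsed = parse_version(version)
    if product not in FIXED or parsed is None:
        return "unparsed"
    if "windows" not in os_name.lower():
        return "not-applicable"      # the flaw is described as Windows-specific
    ver, pre = parsed
    fixed = FIXED[product]
    # Server: compare within the same major.minor line. Drivers list one fix.
    same_line = [f for f in fixed if f[:2] == ver[:2]] if len(fixed) > 1 else fixed
    if same_line:
        f = same_line[0]
        # An -rc build of the fixed release predates it, so it still needs updating.
        return "update" if ver < f or (ver == f and pre) else "patched"
    # Assumption: lines older than the earliest listed fix are affected;
    # lines the page does not mention (e.g. 7.1, 7.2) need a manual check.
    return "update" if ver < fixed[0] else "review"

# Constructed sample inventory: host, OS, product, version.
INVENTORY = """\
db01,Windows Server 2019,server,6.0.15
db02,Windows Server 2022,server,7.0.12
db03,Ubuntu 22.04,server,5.0.20
web01,Windows Server 2019,php-driver,1.18.0
app01,Windows 11,c-driver,1.26.2
"""

def scan(inventory):
    rows = (line.split(",") for line in inventory.splitlines() if line.strip())
    return {host: triage(prod, ver, os_name) for host, os_name, prod, ver in rows}

if __name__ == "__main__":
    for host, verdict in scan(INVENTORY).items():
        print(f"{host}: {verdict}")
```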
Source: Cyber Security News