Description

The client in MongoDB uses world-readable permissions on .dbshell history files, which might allow local users to obtain sensitive information by reading these files.

Remediation

References

CVE-2016-6494

Related Vulnerabilities

PleskLin Other Vulnerability (CVE-2013-0133)

WordPress Plugin Side Menu-add fixed side buttons SQL Injection (3.1.3)

Drupal Core 6.x Local File Inclusion (6.0 - 6.9)

WordPress Plugin Form Builder CP Cross-Site Scripting (1.2.14)

Jboss EAP Deserialization of Untrusted Data Vulnerability (CVE-2019-17531)

Severity

Medium

Classification

CVE-2016-6494 CWE-200 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities