Description
MongoDB 2.4.x before 2.4.5 and 2.5.x before 2.5.1 allows remote authenticated users to obtain internal system privileges by leveraging a username of __system in an arbitrary database.
Remediation
References
Related Vulnerabilities
ATutor Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2019-12169)
WordPress Plugin Import and export users and customers Cross-Site Scripting (1.14.1.2)
WordPress 0.7 Posts SQL Injection Vulnerability (0.7)
Apache 2.x version older than 2.2.6
WordPress Plugin Catch Scroll Progress Bar Security Bypass (1.5)