Description
MongoDB 2.4.x before 2.4.5 and 2.5.x before 2.5.1 allows remote authenticated users to obtain internal system privileges by leveraging a username of __system in an arbitrary database.
Remediation
References
Related Vulnerabilities
WordPress Plugin Float to Top Button Cross-Site Scripting (2.3.6)
WordPress Plugin Jammer Cross-Site Scripting (0.2)
Magento Improper Input Validation Vulnerability (CVE-2015-6497)
WordPress Plugin File Manager Unspecified Vulnerability (5.0.0)
Liferay Portal Deserialization of Untrusted Data Vulnerability (CVE-2020-15842)