phpMoAdmin Detected
Summary#
Invicti identified that phpMoAdmin is publicly accessible on the target server. phpMoAdmin is an application written in the PHP language that provides a web-based interface for the administration of MongoDB databases.
Impact#
An attacker can access, modify or delete all MongoDB databases.
Remediation#
Configure your web server to prevent public access to the page by implementing access control mechanisms.
Classifications#
Invicti Security Insights
- Sven Morgenroth Talks About PHP Object Injection Vulnerabilities on Paul’s Security Weekly Podcast
- End of Support for PHP 5 and PHP 7.0
- The Powerful Resource of PHP Stream Wrappers
- Sven Morgenroth Talks About PHP Type Juggling on Paul’s Security Weekly Podcast
- Detailed Explanation of PHP Type Juggling Vulnerabilities