Description
Directory traversal vulnerability in RockMongo 1.1.5 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the ROCK_LANG cookie, as demonstrated in a login.index action to index.php.
References (1)
Core References
Exploit x_refsource_misc
https://www.trustwave.com/spiderlabs/advisories/TWSL2013-026.txt
Scores
EPSS: 0.0183
EPSS Percentile: 76.3%
Details
CWE: CWE-22
Status: published
Products (18)
rockmongo/rockmongo 1.0
rockmongo/rockmongo 1.0.1
rockmongo/rockmongo 1.0.2
rockmongo/rockmongo 1.0.3
rockmongo/rockmongo 1.0.4
rockmongo/rockmongo 1.0.5
rockmongo/rockmongo 1.0.6
rockmongo/rockmongo 1.0.7
rockmongo/rockmongo 1.0.8
rockmongo/rockmongo 1.0.9
... and 8 more
Published: Dec 14, 2013
Tracked Since: Feb 18, 2026