CVE-2013-5107

RockMongo < 1.1.5 - Path Traversal via ROCK_LANG Cookie

Title source: llm
STIX 2.1

Description

Directory traversal vulnerability in RockMongo 1.1.5 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the ROCK_LANG cookie, as demonstrated in a login.index action to index.php.

References (1)

Core 1
Core References

Scores

EPSS 0.0183
EPSS Percentile 76.3%

Details

CWE
CWE-22
Status published
Products (18)
rockmongo/rockmongo 1.0
rockmongo/rockmongo 1.0.1
rockmongo/rockmongo 1.0.2
rockmongo/rockmongo 1.0.3
rockmongo/rockmongo 1.0.4
rockmongo/rockmongo 1.0.5
rockmongo/rockmongo 1.0.6
rockmongo/rockmongo 1.0.7
rockmongo/rockmongo 1.0.8
rockmongo/rockmongo 1.0.9
... and 8 more
Published Dec 14, 2013
Tracked Since Feb 18, 2026