EIP-2026-111789

PRE-CVE

RockMongo PHP MongoDB Administrator 1.1.8 - Multiple Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-111789. PoCs published by Ozer Goker.

AI-analyzed exploit summary This exploit demonstrates multiple XSS, HTML injection, and CSRF vulnerabilities in RockMongo v1.1.8. It provides detailed payloads and URLs for each vulnerability, confirming their existence and exploitability.

Description

RockMongo PHP MongoDB Administrator 1.1.8 - Multiple Vulnerabilities

Exploits (1)

exploitdb WORKING POC

by Ozer Goker · textwebappsphp

https://www.exploit-db.com/exploits/39682

View Code ZIP pw:eip

This exploit demonstrates multiple XSS, HTML injection, and CSRF vulnerabilities in RockMongo v1.1.8. It provides detailed payloads and URLs for each vulnerability, confirming their existence and exploitability.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: RockMongo v1.1.8

No auth needed

Prerequisites: Access to the RockMongo web interface

MITRE ATT&CK

T1059.007 - JavaScript T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026