CVE-2013-5107

Name of the Vulnerable Software and Affected Versions RockMongo versions 1.1.5 and earlier

Description The issue allows remote attackers to read arbitrary files by exploiting a directory traversal vulnerability. This can be achieved by including a .. (dot dot) in the ROCK LANG cookie, as seen in a login.index action to "index.php".

Recommendations For RockMongo versions 1.1.5 and earlier, consider restricting access to the ROCK LANG cookie to minimize the risk of exploitation until a patch is available. Avoid using the ROCK LANG cookie with untrusted input in the "index.php" endpoint.