RockMongo 'ROCK_LANG' Cookie Local File Include Vulnerability

RockMongo 'ROCK_LANG' Cookie Local File Include Vulnerability

RockMongo is prone to a local file-include vulnerability because it fails to adequately validate user-supplied input.

An attacker can exploit this vulnerability to obtain potentially sensitive information and execute arbitrary local scripts. This could allow the attacker to compromise the application and the computer; other attacks are also possible.

RockMongo 1.1.5 is vulnerable; other versions may also be affected.