CVE-2020-36070

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Voyager versions 1.4 and earlier

Description The issue allows a remote attacker to execute arbitrary code via a crafted .php file to the media component. This is due to an Insecure Permission vulnerability.

Recommendations For Voyager versions 1.4 and earlier, consider restricting access to the media component to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Preservation of Permissions

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-281

Related Identifiers

CVE-2020-36070

GHSA-2X3R-7JGM-GH8X

Affected Products

Voyager

CVE-2020-36070

Weakness Enumeration

Related Identifiers

Affected Products

References · 7