CVE-2020-36070

Published: Apr 26, 2023Modified: Feb 3, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Insecure Permission vulnerability found in Yoyager v.1.4 and before allows a remote attacker to execute arbitrary code via a crafted .php file to the media component.

Affected (1)

Products: Thecontrolgroup: Voyager

Thecontrolgroup

1 product

Voyager

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Thecontrolgroup Voyager	Before 1.4.0

Related CWEs

CWE-281

Improper Preservation of Permissions

The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.

References (2)

https://github.com/the-control-group/voyager/

Source: cve@mitre.org

Product

https://github.com/the-control-group/voyager/

Source: af854a3a-2127-422b-91ae-364da2661108

Product

Timeline

No history available yet.