Security News > 2025 > January > Unpatched PHP Voyager Flaws Leave Servers Open to One-Click RCE Exploits
2025-01-30 07:21
Three security flaws have been disclosed in the open-source PHP package Voyager that could be exploited by an attacker to achieve one-click remote code execution on affected instances. "When an authenticated Voyager user clicks on a malicious link, attackers can execute arbitrary code on the server," Sonar researcher Yaniv Nizry said in a write-up published earlier this week. The
News URL
https://thehackernews.com/2025/01/unpatched-php-voyager-flaws-leave.html
Related news
- Hackers exploit Cityworks RCE bug to breach Microsoft IIS servers (source)
- Mitel 0-day, 5-year-old Oracle RCE bug under active exploit (source)
- Hackers exploit critical Aviatrix Controller RCE flaw in attacks (source)
- Python-Based Bots Exploiting PHP Servers Fuel Gambling Platform Proliferation (source)
- DragonRank Exploits IIS Servers with BadIIS Malware for SEO Fraud and Gambling Redirects (source)