Security News > 2025 > January > Unpatched PHP Voyager Flaws Leave Servers Open to One-Click RCE Exploits
2025-01-30 07:21
Three security flaws have been disclosed in the open-source PHP package Voyager that could be exploited by an attacker to achieve one-click remote code execution on affected instances. "When an authenticated Voyager user clicks on a malicious link, attackers can execute arbitrary code on the server," Sonar researcher Yaniv Nizry said in a write-up published earlier this week. The
News URL
https://thehackernews.com/2025/01/unpatched-php-voyager-flaws-leave.html
Related news
- New Glutton Malware Exploits Popular PHP Frameworks Like Laravel and ThinkPHP (source)
- Apache Tomcat Vulnerability CVE-2024-56337 Exposes Servers to RCE Attacks (source)
- Mitel 0-day, 5-year-old Oracle RCE bug under active exploit (source)
- Hackers exploit critical Aviatrix Controller RCE flaw in attacks (source)
- Python-Based Bots Exploiting PHP Servers Fuel Gambling Platform Proliferation (source)