Unpatched PHP Voyager Flaws Leave Servers Open to One-Click RCE Exploits

2025-01-30 07:21
Three security flaws have been disclosed in the open-source PHP package Voyager that could be exploited by an attacker to achieve one-click remote code execution on affected instances. "When an authenticated Voyager user clicks on a malicious link, attackers can execute arbitrary code on the server," Sonar researcher Yaniv Nizry said in a write-up published earlier this week. The
News URL
https://thehackernews.com/2025/01/unpatched-php-voyager-flaws-leave.html
Related news
- Critical PHP RCE vulnerability mass exploited in new attacks
- Hackers Exploit Severe PHP Flaw to Deploy Quasar RAT and XMRig Miners
- Veeam RCE bug lets domain users hack backup servers, patch now
- CISA Warns of Sitecore RCE Flaws; Active Exploits Hit Next.js and DrayTek Devices
- CentreStack RCE exploited as zero-day to breach file sharing servers
- Critical Erlang/OTP SSH pre-auth RCE is 'Surprisingly Easy' to exploit, patch now
- Critical Erlang/OTP SSH RCE bug now has public exploits, patch now
- Craft CMS RCE exploit chain used in zero-day attacks to steal data
- Hackers Exploit Critical Craft CMS Flaws; Hundreds of Servers Likely Compromised