Vulnerabilities > CVE-2020-36070 - Improper Preservation of Permissions vulnerability in Thecontrolgroup Voyager

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

thecontrolgroup

CWE-281

critical

NVD

Published: 2023-04-26

Updated: 2023-05-05

Summary

Insecure Permission vulnerability found in Yoyager v.1.4 and before allows a remote attacker to execute arbitrary code via a crafted .php file to the media component.

Vulnerable Configurations

Part	Description	Count
Application	Thecontrolgroup Thecontrolgroup Voyager - Thecontrolgroup Voyager 0.11.14 Thecontrolgroup Voyager 1.0.0 Thecontrolgroup Voyager 1.0.1 Thecontrolgroup Voyager 1.0.2 Thecontrolgroup Voyager 1.0.3 Thecontrolgroup Voyager 1.0.4 Thecontrolgroup Voyager 1.0.5 Thecontrolgroup Voyager 1.0.6 Thecontrolgroup Voyager 1.0.7 Thecontrolgroup Voyager 1.0.8 Thecontrolgroup Voyager 1.0.9 Thecontrolgroup Voyager 1.0.10 Thecontrolgroup Voyager 1.0.11 Thecontrolgroup Voyager 1.0.12 Thecontrolgroup Voyager 1.0.13 Thecontrolgroup Voyager 1.0.14 Thecontrolgroup Voyager 1.0.15 Thecontrolgroup Voyager 1.0.16 Thecontrolgroup Voyager 1.0.17 Thecontrolgroup Voyager 1.1.0 Thecontrolgroup Voyager 1.1.1 Thecontrolgroup Voyager 1.1.2 Thecontrolgroup Voyager 1.1.3 Thecontrolgroup Voyager 1.1.4 Thecontrolgroup Voyager 1.1.5 Thecontrolgroup Voyager 1.1.6 Thecontrolgroup Voyager 1.1.7 Thecontrolgroup Voyager 1.1.8 Thecontrolgroup Voyager 1.1.9 Thecontrolgroup Voyager 1.1.10 Thecontrolgroup Voyager 1.1.11 Thecontrolgroup Voyager 1.1.12 Thecontrolgroup Voyager 1.2.0 Thecontrolgroup Voyager 1.2.1 Thecontrolgroup Voyager 1.2.2 Thecontrolgroup Voyager 1.2.3 Thecontrolgroup Voyager 1.2.4 Thecontrolgroup Voyager 1.2.5 Thecontrolgroup Voyager 1.2.6 Thecontrolgroup Voyager 1.2.7 Thecontrolgroup Voyager 1.3.0 Thecontrolgroup Voyager 1.3.1 Thecontrolgroup Voyager 1.3.2	44

Common Weakness Enumeration (CWE)

CWE-281 - Improper Preservation of Permissions

References

https://github.com/the-control-group/voyager/