Three security flaws have been disclosed in the open-source PHP package Voyager that could be exploited by an attacker to achieve one-click remote code execution on affected instances.
« When an authenticated Voyager user clicks on a malicious link, attackers can execute arbitrary code on the server, » Sonar researcher Yaniv Nizry said in a write-up published earlier this week.
The