Critical severityNVD Advisory· Published Apr 26, 2023· Updated Feb 3, 2025

CVE-2020-36070

Description

Insecure Permission vulnerability found in Yoyager v.1.4 and before allows a remote attacker to execute arbitrary code via a crafted .php file to the media component.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
tcg/voyagerPackagist	<= 1.4.0	—

Affected products

Yoyager/Yoyagerdescription
ghsa-coords
pkg:composer/tcg/voyager
Range: <= 1.4.0

Patches

Vulnerability mechanics

References

github.com/advisories/GHSA-2x3r-7jgm-gh8xghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2020-36070ghsaADVISORY

News mentions

No linked articles in our index yet.

cvss	0.585
epss	0.001
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000