6 matches found
OS Command Injection
tcg/voyager is vulnerable to OS Command Injection. The vulnerability is due to insufficient validation of input passed to a specific PHP Artisan command, allowing authenticated administrators to execute arbitrary OS commands in Laravel 8 or later...
CVE-2025-32931
DevDojo Voyager 1.4.0 through 1.8.0, when Laravel 8 or later is used, allows authenticated administrators to execute arbitrary OS commands via a specific php artisan command...
CVE-2025-32931
DevDojo Voyager 1.4.0 through 1.8.0, when Laravel 8 or later is used, allows authenticated administrators to execute arbitrary OS commands via a specific php artisan command...
PT-2025-16258 · Devdojo +1 · Devdojo Voyager +1
Name of the Vulnerable Software and Affected Versions: DevDojo Voyager versions 1.4.0 through 1.8.0 Description: The issue allows authenticated administrators to execute arbitrary OS commands via a specific php artisan command when Laravel 8 or later is used. Recommendations: For DevDojo Voyager...
CVE-2025-32931
CVE-2025-32931 affects DevDojo Voyager versions 1.4.0–1.8.0. When Laravel 8+ is used, authenticated administrators can execute arbitrary OS commands via a specific php artisan command (linked to the Compass admin tooling). Technical details in connected sources point to a vulnerable command imple...
Design/Logic Flaw
In Bitnami Containers, all Laravel container versions prior to: 6.20.0-debian-10-r107 for Laravel 6, 7.30.1-debian-10-r108 for Laravel 7 and 8.5.11-debian-10-r0 for Laravel 8, the file /tmp/app/.env is generated at the time that the docker image bitnami/laravel was built, and the value of APPKEY ...