Voyager is vulnerable to unauthorised file access. Any user with access to admin and compass can read or delete any files, allowing an attacker to steal .env file of the application and to sign his own new session and cookie with secret application key or just dropping the database, knowing username and password of the database.
CPE | Name | Operator | Version |
---|---|---|---|
tcg/voyager | le | 1.2.7 |