CVE-2020-37214

HIGH

Voyager 1.3.0 - Path Traversal via Asset Path Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-37214. PoCs published by NgoAnhDuc.

AI-analyzed exploit summary This exploit demonstrates a directory traversal vulnerability in Voyager 1.3.0 and below, allowing unauthorized access to sensitive files like /etc/passwd or Laravel's .env file. The vulnerability arises from insufficient sanitization of the 'path' parameter in the assets function.

Description

Voyager 1.3.0 contains a directory traversal vulnerability that allows attackers to access sensitive system files by manipulating the asset path parameter. Attackers can exploit the path parameter in /admin/voyager-assets to read arbitrary files like /etc/passwd and .env configuration files.

Exploits (1)

exploitdb WORKING POC
by NgoAnhDuc · textwebappsphp
https://www.exploit-db.com/exploits/47875

This exploit demonstrates a directory traversal vulnerability in Voyager 1.3.0 and below, allowing unauthorized access to sensitive files like /etc/passwd or Laravel's .env file. The vulnerability arises from insufficient sanitization of the 'path' parameter in the assets function.

Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Voyager 1.3.0 and below
No auth needed
Prerequisites: Access to the target application's URL
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Scores

CVSS v3 7.5
EPSS 0.0061
EPSS Percentile 44.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-22
Status published
Products (1)
The Control Group/Voyager <= 1.3.0
Published Feb 11, 2026
Tracked Since Feb 18, 2026