CVE-2024-55417

nvd nist nuclei

Published: Jan 30, 2025Modified: May 23, 2025

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Exploitability: 2.8 / Impact: 1.4

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

DevDojo Voyager through version 1.8.0 is vulnerable to bypassing the file type verification when an authenticated user uploads a file via /admin/media/upload. An authenticated user can upload a web shell causing arbitrary code execution on the server.

Affected (1)

Products: Thecontrolgroup: Voyager

Thecontrolgroup

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Thecontrolgroup Voyager	Up to 1.8.0

Related CWEs

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (2)

https://github.com/thedevdojo/voyager/blob/1.6/src/Http/Controllers/VoyagerMediaController.php#L238

Source: cve@mitre.org

Product

https://www.sonarsource.com/blog/the-tainted-voyage-uncovering-voyagers-vulnerabilities/

Source: cve@mitre.org

ExploitThird Party Advisory

Timeline

No history available yet.