CVE-2024-55417

Published Jan 30, 2025

Last updated 22 days ago

Overview

Description
DevDojo Voyager through version 1.8.0 allows the file type verification to be bypassed when an authenticated user uploads a file via /admin/media/upload. An authenticated user can upload a web shell, causing arbitrary code execution on the server.
Source: cve@mitre.org
NVD status: Awaiting Analysis

Risk scores

CVSS 3.1

Type: Secondary
Base score: 4.3
Impact score: 1.4
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Severity: MEDIUM

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-434

Social media

Hype score
Not currently trending
  1. CVE-2024-55417: One-Click RCE Vulnerability in Voyager Admin Panel, No Patch Critical vulnerabilities discovered in Voyager, an open-source #Laravel admin panel. Learn about the CVE-2024-55417 flaws and their impact on website security. https://t.co/RCslmyJeZ4

    @the_yellow_fall

    1 Feb 2025

    522 Impressions

    0 Retweets

    3 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  2. PHP Voyager flaws lead to RCE #PHPVoyager #CVE-2024-55415 #CVE-2024-55416 #CVE-2024-55417 https://t.co/GeluTmgMM4

    @pravin_karthik

    31 Jan 2025

    114 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Laravel admin package Voyager vulnerable to one-click RCE flaw: https://t.co/jHHbFb68Dy Three vulnerabilities in the Laravel admin package Voyager could lead to remote code execution (RCE) attacks. CVE-2024-55417 allows file uploads bypassing MIME verification, CVE-2024-55416… h

    @securityRSS

    30 Jan 2025

    30 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

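  4. Unpatched one-click remote code execution (RCE) vulnerability in Voyager, an admin package for Laravel. Reported by SonarSource. Disclosed because there was no response from the maintainers within 90 days. Insufficient MIME verification in media upload CVE-2024-55417, XSS CVE-2024-55416, file path manipulation CVE-2024-55415. https://t.co/rVaCHJ7WMs https://t.co/mpL0cJfxqh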

    @__kokumoto

    29 Jan 2025

    660 Impressions

    2 Retweets

    0 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  5. 📁 Using polyglot file and RXSS to achieve one-click RCE on a Voyager instance. Read more about how SonarQube Cloud detected CVE-2024-55417 in our latest blog post: https://t.co/U9MfSxBuJI #appsec #security #vulnerability

    @Sonar_Research

    28 Jan 2025

    2298 Impressions

    15 Retweets

    45 Likes

    20 Bookmarks

    0 Replies

    0 Quotes