CVE-2024-55417

MediumPublic PoC

Published: 30 January 2025

Published

30 January 2025

Modified

23 May 2025

KEV Added

—

Patch

—

CVSS Score 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

EPSS Score 0.2302 95.9th percentile

Risk Priority 22 60% EPSS · 20% KEV · 20% CVSS

Description

Adversaries may backdoor web servers with web shells to establish persistent access to systems.

Security Summary

CVE-2024-55417 is a vulnerability in DevDojo Voyager through version 1.8.0 that enables bypassing file type verification during file uploads via the /admin/media/upload endpoint. This flaw, classified under CWE-434 (Unrestricted Upload of File with Dangerous Type), affects the VoyagerMediaController component and has a CVSS v3.1 base score of 4.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).

An authenticated user with access to the admin media upload functionality can exploit this issue by uploading a malicious file, such as a web shell, leading to arbitrary code execution on the server.

Advisories reference the vulnerable code in VoyagerMediaController.php at line 238 (version 1.6) on GitHub and a SonarSource blog post detailing the Voyager vulnerabilities.

Details

CWE(s): CWE-434

Affected Products

thecontrolgroup

voyager

≤ 1.8.0

MITRE ATT&CK Enterprise Techniques

T1505.003 Web Shell Persistence

Adversaries may backdoor web servers with web shells to establish persistent access to systems.

attack.mitre.org →

Why these techniques?

The vulnerability enables authenticated users to bypass MIME type verification in the media upload functionality, allowing the upload of polyglot web shells (e.g., PHP embedded in allowed image formats) for arbitrary code execution (T1100: Web Shell).

References

https://github.com/thedevdojo/voyager/blob/1.6/src/Http/Controllers/VoyagerMediaController.php#L238
Product · cve@mitre.org
https://www.sonarsource.com/blog/the-tainted-voyage-uncovering-voyagers-vulnerabilities/
Exploit, Third Party Advisory · cve@mitre.org