CVE-2024-55417 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

DevDojo Voyager through version 1.8.0 is vulnerable to bypassing the file type verification when an authenticated user uploads a file via /admin/media/upload. A…
Medium CVSS: 4.3

CVE-2024-55417

DevDojo Voyager through version 1.8.0 is vulnerable to bypassing the file type verification when an authenticated user uploads a file via /admin/media/upload. An authenticated user can upload a web shell causing arbitrary code execution on the server.
Vendor
Thecontrolgroup
Product
Voyager
CWE
CWE-434
Yayın Tarihi
2025-01-30 15:15:17
Güncelleme
2025-05-23 16:24:05
Source Identifier
cve@mitre.org
KEV Date Added
-

Kategoriler

CWE-434 Voyager MEDIUM Thecontrolgroup 2025

Referanslar

https://github.com/thedevdojo/voyager/blob/1.6/src/Http/Controllers/VoyagerMediaController.php#L238 https://www.sonarsource.com/blog/the-tainted-voyage-uncovering-voyagers-vulnerabilities/