CVE-2024-55415

Published Jan 30, 2025

Last updated 4 months ago

CVSS medium 5.7

Overview

AI description

Automated description summarized from trusted sources.

CVE-2024-55415 is a path traversal vulnerability affecting DevDojo Voyager versions 1.8.0 and below. The vulnerability is located within the `/admin/compass` endpoint. An unauthenticated attacker can exploit this flaw to navigate and access unintended directories. This could potentially lead to sensitive data exposure or server takeover.

Description
DevDojo Voyager through 1.8.0 is vulnerable to path traversal at the /admin/compass.
Source
cve@mitre.org
NVD status
Analyzed
Products
voyager

Risk scores

CVSS 3.1

Type
Secondary
Base score
5.7
Impact score
3.6
Exploitability score
2.1
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
Severity
MEDIUM

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-22

Social media

Hype score
Not currently trending

  1. Dragon Drop: NEW Releases 🚨🐉 🛡️ New modules: → Azure Object Storage: https://t.co/epboijI9zQ 🪲 New CVE labs: → CVE-2024-55415: https://t.co/EZ3Fn9WzZ3 → AgeGate: https://t.co/cbpszyCmih 🧪 Other new labs: → converter: https://t.co/TcoRGURhP0 → GALLERY

    @offsectraining

    20 Aug 2025

    2989 Impressions

    2 Retweets

    22 Likes

    7 Bookmarks

    0 Replies

    0 Quotes

  2. PHP Voyager の脆弱性 CVE-2024-55415/55416/55417:パッチ未適用の One-Click RCE https://t.co/I7cHZmYJEN PHP Voyager に3つの One-Click RCE 脆弱性が発見されましたが、現時点ではパッチが未適用とのことです。ご利用のチームは、ご注意ください。 このブログでは初登場の PHP Voyager… https://t.co/33ieXIlj4i

    @iototsecnews

    10 Feb 2025

    87 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  3. PHP Voyager flaws lead to RCE #PHPVoyager #CVE-2024-55415 #CVE-2024-55416 #CVE-2024-55417 https://t.co/GeluTmgMM4

    @pravin_karthik

    31 Jan 2025

    114 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. Laravelの管理用パッケージVoyagerにワンクリック遠隔コード実行(RCE)の未修正脆弱性。SonarSource社報告。メンテナから90日以内に応答が無かったための開示。メディアアップロードのMIME検証不備CVE-2024-55417、XSSのCVE-2024-55416、ファイルパス操作のCVE-2024-55415。 https://t.co/rVaCHJ7WMs https://t.co/mpL0cJfxqh

    @__kokumoto

    29 Jan 2025

    660 Impressions

    2 Retweets

    0 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

Configurations

References

Sources include official advisories and independent security research.