CVE-2024-55415

Published Jan 30, 2025

Last updated 10 months ago

CVSS medium 5.7
DevDojo Voyager

Overview

Description
DevDojo Voyager through 1.8.0 is vulnerable to path traversal at the /admin/compass.
Source
cve@mitre.org
NVD status
Analyzed
Products
voyager

Risk scores

CVSS 3.1

Type
Secondary
Base score
5.7
Impact score
3.6
Exploitability score
2.1
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
Severity
MEDIUM

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-22

Social media

Hype score
Not currently trending

  1. Dragon Drop: NEW Releases 🚨🐉 🛡️ New module: → Defensive Cloud - Rainy Day Financial: https://t.co/XHEf5YBTun 🪲 New CVE labs: → CVE-2024-35374: https://t.co/smT4CkY5bQ → CVE-2024-55415_Attack: https://t.co/ouyRk0nr6W → CVE-2025-21624_Attack: https://t.co

    @offsectraining

    19 Sept 2025

    3854 Impressions

    4 Retweets

    30 Likes

    7 Bookmarks

    0 Replies

    0 Quotes

  2. Dragon Drop: NEW Releases 🚨🐉 🛡️ New modules: → Azure Object Storage: https://t.co/epboijI9zQ 🪲 New CVE labs: → CVE-2024-55415: https://t.co/EZ3Fn9WzZ3 → AgeGate: https://t.co/cbpszyCmih 🧪 Other new labs: → converter: https://t.co/TcoRGURhP0 → GALLERY

    @offsectraining

    20 Aug 2025

    2989 Impressions

    2 Retweets

    22 Likes

    7 Bookmarks

    0 Replies

    0 Quotes

  3. PHP Voyager の脆弱性 CVE-2024-55415/55416/55417:パッチ未適用の One-Click RCE https://t.co/I7cHZmYJEN PHP Voyager に3つの One-Click RCE 脆弱性が発見されましたが、現時点ではパッチが未適用とのことです。ご利用のチームは、ご注意ください。 このブログでは初登場の PHP Voyager… https://t.co/33ieXIlj4i

    @iototsecnews

    10 Feb 2025

    87 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  4. PHP Voyager flaws lead to RCE #PHPVoyager #CVE-2024-55415 #CVE-2024-55416 #CVE-2024-55417 https://t.co/GeluTmgMM4

    @pravin_karthik

    31 Jan 2025

    114 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. Laravelの管理用パッケージVoyagerにワンクリック遠隔コード実行(RCE)の未修正脆弱性。SonarSource社報告。メンテナから90日以内に応答が無かったための開示。メディアアップロードのMIME検証不備CVE-2024-55417、XSSのCVE-2024-55416、ファイルパス操作のCVE-2024-55415。 https://t.co/rVaCHJ7WMs https://t.co/mpL0cJfxqh

    @__kokumoto

    29 Jan 2025

    660 Impressions

    2 Retweets

    0 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. DevDojo Voyager through version 1.8.0 is vulnerable to bypassing the file type verification when an authenticated user uploads a file via /admin/media/upload. An authenticated user can upload a web shell causing arbitrary code execution on the server.CVE-2024-55417
  2. DevDojo Voyager through version 1.8.0 is vulnerable to reflected XSS via /admin/compass. By manipulating an authenticated user to click on a link, arbitrary Javascript can be executed.CVE-2024-55416

References

Sources include official advisories and independent security research.