Jan 30, 2025 | Ravie Lakshmanan | Web Security / Risk
The open-source PHP project Voyager contains three security flaws that an attacker could exploit to achieve one-click remote code execution on affected instances.
In a write-up published earlier this year, Sonar researcher Yaniv Nizry said that when an authenticated Voyager user clicks on a malicious link, attackers can execute arbitrary code on the server.
The identified issues, which remain unpatched despite responsible disclosure on September 11, 2024, are listed below:
- CVE-2024-55417 - An arbitrary file write vulnerability in the "/admin/media/upload" endpoint
- CVE-2024-55416 - A reflected cross-site scripting (XSS) vulnerability in the "/admin/compass" endpoint
- CVE-2024-55415 - An arbitrary file leak and deletion vulnerability
A malicious actor could use Voyager's media upload feature to upload a malicious file in a way that passes MIME type verification yet tricks the server into processing it as a PHP script, leading to remote code execution.
The vulnerability could also be combined with CVE-2024-55416, making it a critical threat that results in malicious code execution when a victim clicks on a malicious link.
"This means that if an authenticated user clicks on a specially crafted link, arbitrary JavaScript code can be executed," Nizry explained. As a result, an attacker can perform any subsequent action in the context of the victim.
CVE-2024-55415, on the other hand, concerns a flaw in the file management system that allows threat actors to delete arbitrary files from the system, or to use it in conjunction with the XSS vulnerability to extract the files' contents.
Users are advised to use caution when using the project in their applications in the absence of a fix.
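A generic mitigation for the class of upload flaw described above for the "/admin/media/upload" endpoint, added here as an example; it is not Voyager's code or a fix from the project. The function name `safeStoredName`, the allow-list and the sample file are assumptions, and the PHP fileinfo extension is assumed to be enabled.

```php
<?php
declare(strict_types=1);

// Added example: generic upload hardening, not Voyager's code.
// Allow-list: each permitted extension and the MIME type its content must sniff as.
const ALLOWED_TYPES = [
    'jpg' => 'image/jpeg',
    'png' => 'image/png',
    'gif' => 'image/gif',
];

/**
 * Validate an upload and return the server-chosen name it may be stored under.
 * $clientName is the client-controlled filename; $tmpPath is the uploaded temp file.
 */
function safeStoredName(string $clientName, string $tmpPath): string
{
    // Check the final extension, which is what decides whether the web server
    // hands the stored file to the PHP interpreter.
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED_TYPES)) {
        throw new RuntimeException("extension not allowed: '$ext'");
    }

    // Content sniffing is necessary but not sufficient on its own: a file can
    // pass a MIME check and still be executed if it is stored with a script extension.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if ($mime !== ALLOWED_TYPES[$ext]) {
        throw new RuntimeException("content type '$mime' does not match .$ext");
    }

    // Never reuse the client's name or path; generate the stored name server-side.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed sample: GIF magic bytes followed by filler, submitted under three names.
$tmp = tempnam(sys_get_temp_dir(), 'upl');
file_put_contents($tmp, "GIF89a\x01\x00\x01\x00\x00\x00\x00;" . 'trailing data');

foreach (['avatar.gif', 'avatar.php', 'avatar.gif.php'] as $name) {
    try {
        echo $name, ' -> stored as ', safeStoredName($name, $tmp), PHP_EOL;
    } catch (RuntimeException $e) {
        echo $name, ' -> rejected: ', $e->getMessage(), PHP_EOL;
    }
}
unlink($tmp);
```

Only `avatar.gif` is accepted; both `.php` names are rejected even though the content sniffs as `image/gif`. Storing uploads outside the web root, or disabling script execution in the upload directory, covers the case where a validation step is bypassed.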