CVE-2024-55417 Scanner
CVE-2024-55417 Scanner - Arbitrary File Upload vulnerability in DevDojo Voyager
Short Info
Level: High
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 10 days 7 hours
Scan only one: Domain, Subdomain, IPv4
Toolbox: -
DevDojo Voyager is a Laravel-based content management system (CMS) and admin package that gives developers a ready-made admin panel for managing site content, users and roles. It ships with a media manager, user authentication, database management and permission handling, and is commonly used as the backend of Laravel applications. Because media uploads are accepted over HTTP and stored where the web server can serve them, weak validation of those uploads turns directly into a remotely exploitable flaw.
The Arbitrary File Upload vulnerability in DevDojo Voyager through version 1.8.0 (CVE-2024-55417) allows an authenticated user to upload files whose type is not properly checked. The affected endpoint is `/admin/media/upload`, where the file type verification can be bypassed, so an attacker holding an account with media-upload access can upload a PHP web shell disguised as an allowed file type. Once stored, the web shell is reachable over HTTP and can execute arbitrary code on the server, which is why the issue is rated high: it hands the attacker remote control of the affected host.
The root cause is insufficient validation of uploaded files: the check that is meant to restrict uploads to safe types can be satisfied by a crafted request, so an executable PHP script is accepted and written under the application's `storage` directory, from which it can be requested and executed remotely. The uploaded script can then run system commands, read or alter application data, and serve as a foothold for privilege escalation. The flaw is triggered whenever the upload handler does not strictly enforce both the declared type and the actual content of the file. The issue has been publicly disclosed; affected organizations should apply the project's fix if one is available for their version and, in the meantime, restrict media-upload permissions to trusted accounts and configure the web server so that nothing under the upload path is executed as PHP.
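The following is an added example, not Voyager's own upload code, showing why a type check that trusts the sniffed content type is bypassable by a polyglot and what a stricter check looks like. The `weak_accept` function models the assumed vulnerable pattern (accept if the magic bytes look like an allowed image, ignore the name); `hardened_accept` requires an allowlisted single extension, requires the sniffed type to agree with that extension, and refuses any payload carrying a PHP open tag. The file contents are constructed inline; the function and variable names are this example's, not the project's.

```python
# Added example (not DevDojo Voyager code): polyglot upload versus a hardened check.
# Assumed vulnerable pattern: trust a content sniff, ignore the filename.
import os
from typing import Optional

# Magic bytes for the image types this illustrative allowlist accepts.
MAGIC = {
    b"GIF87a": "image/gif",
    b"GIF89a": "image/gif",
    b"\x89PNG\r\n\x1a\n": "image/png",
    b"\xff\xd8\xff": "image/jpeg",
}

# Extension allowlist mapped to the content type each extension must sniff as.
ALLOWED_EXT = {
    ".gif": "image/gif",
    ".png": "image/png",
    ".jpg": "image/jpeg",
    ".jpeg": "image/jpeg",
}

# Constructed inputs: a minimal clean GIF, a GIF/PHP polyglot, and a PNG header.
CLEAN_GIF = b"GIF89a\x01\x00\x01\x00\x00\x00\x00;"
POLYGLOT = b"GIF89a\x01\x00\x01\x00" + b"<?php echo 'polyglot'; ?>"
PNG_HEADER = b"\x89PNG\r\n\x1a\n" + b"\x00" * 8


def sniff(data: bytes) -> Optional[str]:
    """Return the content type implied by leading magic bytes, or None."""
    for magic, mime in MAGIC.items():
        if data.startswith(magic):
            return mime
    return None


def weak_accept(filename: str, data: bytes) -> bool:
    """Vulnerable pattern: the sniffed type is 'an image', so the file is accepted
    and stored under whatever name the client supplied (e.g. shell.php)."""
    return sniff(data) is not None


def hardened_accept(filename: str, data: bytes) -> bool:
    """Stricter check: allowlisted single extension, extension/content agreement,
    and no PHP open tag anywhere in the body."""
    name = os.path.basename(filename).lower()
    parts = name.split(".")
    if len(parts) != 2 or not parts[0]:
        return False  # rejects shell.php.gif, .htaccess, no-extension names
    ext = "." + parts[1]
    if ext not in ALLOWED_EXT:
        return False
    if sniff(data) != ALLOWED_EXT[ext]:
        return False  # a .gif must actually be a GIF, not a PNG or text
    if b"<?" in data:
        return False  # catches <?php and <?= ; images never legitimately contain it
    return True


def compare(filename: str, data: bytes) -> dict:
    """Run both checks on one upload so the difference is visible side by side."""
    return {"weak": weak_accept(filename, data), "hardened": hardened_accept(filename, data)}


if __name__ == "__main__":
    for fname, body in [("shell.php", POLYGLOT), ("shell.gif", POLYGLOT),
                        ("cat.gif", CLEAN_GIF), ("cat.php.gif", CLEAN_GIF),
                        ("cat.gif", PNG_HEADER)]:
        print(f"{fname:12s} {compare(fname, body)}")
```

Even the hardened check is only one layer: because the stored file is served by the web server, the upload directory must also be configured so that nothing in it is ever executed as PHP, otherwise any future bypass of the content check is again remote code execution.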
Successful exploitation gives the attacker arbitrary command execution on the server and, with it, full compromise of the host. The web shell provides persistent access and can be used to steal sensitive data, deface the site, create or take over administrative accounts, deploy additional malware, or pivot to other systems reachable from the server. Organizations running DevDojo Voyager should treat an exposed, vulnerable instance as a priority and remediate it immediately.