Latest Cyber Security News

You are here: Home / General Cyber Security News / Unpatched PHP Voyager Flaws Leave Servers Open to One-Click RCE Exploits
January 30, 2025

Three security flaws have been disclosed in the open-source PHP package Voyager that could be exploited by an attacker to achieve one-click remote code execution on affected instances.

“When an authenticated Voyager user clicks on a malicious link, attackers can execute arbitrary code on the server,” Sonar researcher Yaniv Nizry said in a write-up published earlier this week.

Cybersecurity

✔ Approved From Our Partners
AOMEI Backupper Lifetime

Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.

Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).

➤ Activate Your Coupon Code


The identified issues, which remain unpatched to date despite responsible disclosure on September 11, 2024, are listed below –

  • CVE-2024-55417 – An arbitrary file write vulnerability in the “/admin/media/upload” endpoint
  • CVE-2024-55416 – A reflected cross-site scripting (XSS) vulnerability in the “/admin/compass” endpoint
  • CVE-2024-55415 – An arbitrary file leak and deletion vulnerability

A malicious attacker could leverage Voyager’s media upload feature to upload a malicious file in a manner that bypasses MIME type verification, and make use of a polyglot file that appears as an image or video but contains executable PHP code to trick the server into processing it as a PHP script, thereby resulting in remote code execution.

The vulnerability could also be chained with CVE-2024-55416, elevating it into a critical threat that leads to code execution when a victim clicks on a malicious link.

Cybersecurity

“This means that if an authenticated user clicks on a specially crafted link, arbitrary JavaScript code can be executed,” Nizry explained. “As a result, an attacker can perform any subsequent action in the context of the victim.”

CVE-2024-55415, on the other hand, concerns a flaw in the file management system that enables threat actors to wipe arbitrary files from the system, or exploit it in conjunction with the XSS vulnerability to extract the contents of the files.

In the absence of a fix, users are advised to exercise caution when using the project in their applications.

Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.


Some parts of this article are sourced from:
thehackernews.com

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *