Latest Cyber Security News

You are here: Home / General Cyber Security News / Unpatched PHP Voyager Flaws Leave Servers Open to One-Click RCE Exploits
January 30, 2025

Three security flaws have been disclosed in the open-source PHP package Voyager that could be exploited by an attacker to achieve one-click remote code execution on affected instances.

“When an authenticated Voyager user clicks on a malicious link, attackers can execute arbitrary code on the server,” Sonar researcher Yaniv Nizry said in a write-up published earlier this week.

Cybersecurity

✔ Approved Seller From Our Partners
Mullvad VPN Discount

Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).

➤ Get Mullvad VPN with 12% Discount


The identified issues, which remain unpatched to date despite responsible disclosure on September 11, 2024, are listed below –

  • CVE-2024-55417 – An arbitrary file write vulnerability in the “/admin/media/upload” endpoint
  • CVE-2024-55416 – A reflected cross-site scripting (XSS) vulnerability in the “/admin/compass” endpoint
  • CVE-2024-55415 – An arbitrary file leak and deletion vulnerability

A malicious attacker could leverage Voyager’s media upload feature to upload a malicious file in a manner that bypasses MIME type verification, and make use of a polyglot file that appears as an image or video but contains executable PHP code to trick the server into processing it as a PHP script, thereby resulting in remote code execution.

The vulnerability could also be chained with CVE-2024-55416, elevating it into a critical threat that leads to code execution when a victim clicks on a malicious link.

Cybersecurity

“This means that if an authenticated user clicks on a specially crafted link, arbitrary JavaScript code can be executed,” Nizry explained. “As a result, an attacker can perform any subsequent action in the context of the victim.”

CVE-2024-55415, on the other hand, concerns a flaw in the file management system that enables threat actors to wipe arbitrary files from the system, or exploit it in conjunction with the XSS vulnerability to extract the contents of the files.

In the absence of a fix, users are advised to exercise caution when using the project in their applications.

Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.


Some parts of this article are sourced from:
thehackernews.com

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *