Categories
Brand

Unpatched PHP Voyager Flaws Leave Servers Open to One-Click RCE Exploits

الخميس، 30 يناير 2025

The identified issues, which remain unpatched to date despite responsible disclosure on September 11, 2024, are listed below -

  • CVE-2024-55417 - An arbitrary file write vulnerability in the "/admin/media/upload" endpoint
  • CVE-2024-55416 - A reflected cross-site scripting (XSS) vulnerability in the "/admin/compass" endpoint
  • CVE-2024-55415 - An arbitrary file leak and deletion vulnerability

A malicious attacker could leverage Voyager's media upload feature to upload a malicious file in a manner that bypasses MIME type verification, and make use of a polyglot file that appears as an image or video but contains executable PHP code to trick the server into processing it as a PHP script, thereby resulting in remote code execution.

The vulnerability could also be chained with CVE-2024-55416, elevating it into a critical threat that leads to code execution when a victim clicks on a malicious link.

"This means that if an authenticated user clicks on a specially crafted link, arbitrary JavaScript code can be executed," Nizry explained. "As a result, an attacker can perform any subsequent action in the context of the victim."

CVE-2024-55415, on the other hand, concerns a flaw in the file management system that enables threat actors to wipe arbitrary files from the system, or exploit it in conjunction with the XSS vulnerability to extract the contents of the files.

In the absence of a fix, users are advised to exercise caution when using the project in their applications.

Leave your comment
*
*