43 matches found
GHSA-35P2-5VRH-M3P6 DevDojo Voyager Arbitrary File Write
DevDojo Voyager through version 1.8.0 is vulnerable to bypassing the file type verification when an authenticated user uploads a file via /admin/media/upload. An authenticated user can upload a web shell causing arbitrary code execution on the server...
GHSA-MM49-4F2G-C3WF DevDojo Voyager vulnerable to reflected Cross-site Scripting
DevDojo Voyager through version 1.8.0 is vulnerable to reflected XSS via /admin/compass. By manipulating an authenticated user to click on a link, arbitrary Javascript can be executed...
GHSA-J63M-2VR6-FV7M DevDojo Voyager vulnerable to path traversal
DevDojo Voyager through 1.8.0 is vulnerable to path traversal at the /admin/compass...
CVE-2024-55417
DevDojo Voyager through version 1.8.0 is vulnerable to bypassing the file type verification when an authenticated user uploads a file via /admin/media/upload. An authenticated user can upload a web shell causing arbitrary code execution on the server...
CVE-2024-55415
DevDojo Voyager through 1.8.0 is vulnerable to path traversal at the /admin/compass...
CVE-2024-55417
DevDojo Voyager through version 1.8.0 is vulnerable to bypassing the file type verification when an authenticated user uploads a file via /admin/media/upload. An authenticated user can upload a web shell causing arbitrary code execution on the server...
CVE-2024-55416
DevDojo Voyager through version 1.8.0 is vulnerable to reflected XSS via /admin/compass. By manipulating an authenticated user to click on a link, arbitrary Javascript can be executed...
CVE-2024-55415
DevDojo Voyager through 1.8.0 is vulnerable to path traversal at the /admin/compass...
CVE-2024-55416
DevDojo Voyager through version 1.8.0 is vulnerable to reflected XSS via /admin/compass. By manipulating an authenticated user to click on a link, arbitrary Javascript can be executed...
CVE-2024-55415
CVE-2024-55415 affects DevDojo Voyager
CVE-2024-55416
Summary: CVE-2024-55416 affects DevDojo Voyager up to version 1.8.0. The issue is a reflected Cross-Site Scripting (XSS) vulnerability triggered via the /admin/compass endpoint, requiring an authenticated user to click a crafted link. The attack can execute arbitrary JavaScript in the administrat...
CVE-2024-55416
DevDojo Voyager through version 1.8.0 is vulnerable to reflected XSS via /admin/compass. By manipulating an authenticated user to click on a link, arbitrary Javascript can be executed...
PT-2025-1308
Name of the Vulnerable Software and Affected Versions DevDojo Voyager versions 1.8.0 and earlier Description The issue allows an attacker to gain access to sensitive information through path traversal at the "/admin/compass" API endpoint. This vulnerability is related to errors in handling relati...
CVE-2024-55417
DevDojo Voyager through version 1.8.0 is vulnerable to bypassing the file type verification when an authenticated user uploads a file via /admin/media/upload. An authenticated user can upload a web shell causing arbitrary code execution on the server...
CVE-2024-55415
DevDojo Voyager through 1.8.0 is vulnerable to path traversal at the /admin/compass...
CVE-2024-55417
DevDojo Voyager
CVE-2024-55416
DevDojo Voyager through version 1.8.0 is vulnerable to reflected XSS via /admin/compass. By manipulating an authenticated user to click on a link, arbitrary Javascript can be executed...
CVE-2024-55415
DevDojo Voyager through 1.8.0 is vulnerable to path traversal at the /admin/compass...
CVE-2024-55417
DevDojo Voyager through version 1.8.0 is vulnerable to bypassing the file type verification when an authenticated user uploads a file via /admin/media/upload. An authenticated user can upload a web shell causing arbitrary code execution on the server...
PT-2025-1306 · Devdojo · Devdojo Voyager
Name of the Vulnerable Software and Affected Versions: DevDojo Voyager versions 1.8.0 and earlier Description: The issue allows an authenticated user to bypass file type verification when uploading a file via the "/admin/media/upload" endpoint. This can lead to the upload of a web shell, resultin...