PT-2025-1306 · Devdojo · Devdojo Voyager

Yaniv Nizry · Published 2025-01-28 · Updated 2025-05-23 · CVE-2024-55417

CVSS v2.0: 9.0 High

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

DevDojo Voyager versions 1.8.0 and earlier

Description

The issue allows an authenticated user to bypass file type verification when uploading a file via the "/admin/media/upload" endpoint. This can lead to the upload of a web shell, resulting in arbitrary code execution on the server. The vulnerability is being actively exploited.

Recommendations

For DevDojo Voyager versions 1.8.0 and earlier, as a temporary workaround, consider disabling the file upload functionality exposed at the "/admin/media/upload" endpoint until a patch is available. Restrict access to this endpoint to minimize the risk of exploitation. Avoid using this feature until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
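
Because the issue is reported as actively exploited, it helps to review which clients have already posted to the upload endpoint. The following is an added triage example, not part of the advisory or of Voyager: it assumes a web server access log in combined format and the "/admin" prefix quoted above, and the sample log lines are constructed.

```python
import re
from collections import defaultdict
from posixpath import normpath
from urllib.parse import unquote

UPLOAD_PATH = "/admin/media/upload"  # endpoint named in the advisory

# Constructed sample lines in combined log format (not real traffic).
SAMPLE_LOG = """\
198.51.100.7 - - [02/Feb/2025:10:01:11 +0000] "POST /admin/media/upload HTTP/1.1" 200 87 "-" "curl/8.5"
198.51.100.7 - - [02/Feb/2025:10:01:15 +0000] "POST /admin//media/%75pload/?x=1 HTTP/1.1" 200 87 "-" "curl/8.5"
203.0.113.20 - - [02/Feb/2025:10:02:40 +0000] "GET /admin/media HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.20 - - [02/Feb/2025:10:03:02 +0000] "POST /admin/media/upload HTTP/1.1" 403 12 "-" "Mozilla/5.0"
192.0.2.44 - - [02/Feb/2025:10:04:00 +0000] "POST /admin/media/upload-notes HTTP/1.1" 404 0 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def canonical_path(target):
    """Drop the query, percent-decode once, collapse '//', '.', '..' and trailing '/'."""
    path = unquote(target.split("?", 1)[0])
    return normpath("/" + path.lstrip("/"))

def upload_hits(log_text):
    """Return {client_ip: [(timestamp, status), ...]} for POSTs to the endpoint."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and m["method"] == "POST" and canonical_path(m["target"]) == UPLOAD_PATH:
            hits[m["ip"]].append((m["ts"], int(m["status"])))
    return dict(hits)

def accepted_uploads(hits):
    """Clients with at least one 2xx response (assumed to mean the file was stored)."""
    return sorted(ip for ip, rows in hits.items()
                  if any(200 <= status < 300 for _, status in rows))

if __name__ == "__main__":
    found = upload_hits(SAMPLE_LOG)
    for ip, rows in found.items():
        for ts, status in rows:
            print(f"{ip}\t{ts}\t{status}")
    print("review files uploaded by:", accepted_uploads(found))
```

Every client listed by accepted_uploads warrants a review of the files it stored in the media directory; 403 rows show requests that an access restriction already refused.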

Exploit

RCE

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

BDU:2025-00930
CVE-2024-55417
GHSA-35P2-5VRH-M3P6

Affected Products

Devdojo Voyager