Cyber Posture

CVE-2024-55417

Severity: Medium · Public PoC

Published: 30 January 2025
Modified: 23 May 2025
KEV Added:
Patch:
CVSS Score: 4.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)
EPSS Score: 0.2302 (96.0th percentile)
Risk Priority: 22 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-55417 is a medium-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability in Thecontrolgroup Voyager. Its CVSS base score is 4.3 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Web Shell (T1505.003). The CVE ranks in the top 4.0% of CVEs by exploit likelihood (EPSS), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Web Shell (T1505.003). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

SI-10 Information Input Validation (prevent)

Directly enforces file type validation at the /admin/media/upload input point to prevent bypassing restrictions and uploading dangerous files like web shells.

SI-2 Flaw Remediation (prevent)

Mandates identification and correction of the specific flaw in VoyagerMediaController.php that enables file type verification bypass.

Malicious code scanning (prevent / detect)

Scans uploaded files for malicious code such as web shells, providing defense-in-depth if file type validation fails.

MITRE ATT&CK Enterprise Techniques

T1505.003 Web Shell (Persistence)
Adversaries may backdoor web servers with web shells to establish persistent access to systems.

Why these techniques?

The vulnerability enables authenticated users to bypass MIME type verification in the media upload functionality, allowing the upload of polyglot web shells (e.g., PHP embedded in allowed image formats) for arbitrary code execution (T1100: Web Shell, now superseded by T1505.003).

NVD Description

DevDojo Voyager through version 1.8.0 is vulnerable to bypassing the file type verification when an authenticated user uploads a file via /admin/media/upload. An authenticated user can upload a web shell causing arbitrary code execution on the server.

Deeper analysis

CVE-2024-55417 is a vulnerability in DevDojo Voyager through version 1.8.0 that enables bypassing file type verification during file uploads via the /admin/media/upload endpoint. This flaw, classified under CWE-434 (Unrestricted Upload of File with Dangerous Type), affects the VoyagerMediaController component and has a CVSS v3.1 base score of 4.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).

An authenticated user with access to the admin media upload functionality can exploit this issue by uploading a malicious file, such as a web shell, leading to arbitrary code execution on the server.

Advisories reference the vulnerable code in VoyagerMediaController.php at line 238 (version 1.6) on GitHub and a SonarSource blog post detailing the Voyager vulnerabilities.
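The input-validation control above (SI-10) comes down to not trusting the client-declared MIME type. The validator below is an added example, not code from Voyager's VoyagerMediaController: it checks the file's magic bytes against its extension, rejects double extensions, and rejects image/PHP polyglots of the kind described in the analysis. Sample inputs in the test are constructed.

```python
"""Defender-side upload validator for the CWE-434 pattern behind
CVE-2024-55417. A polyglot (valid image header + embedded PHP) passes a
check that only looks at the declared MIME type; each check here is
independent of what the client claims. Example code, not Voyager's own."""
import re

# Magic bytes a file with each allowed extension must start with.
MAGIC = {
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
}

# Markers that would let a PHP interpreter execute a "media" file. The list
# is deliberately conservative; it complements, and does not replace,
# configuring the upload directory so that PHP is never executed from it.
PHP_MARKERS = re.compile(rb"""<\?php|<\?=|<script\s+language\s*=\s*['"]?php""", re.I)


def validate_upload(filename: str, declared_mime: str, data: bytes) -> tuple:
    """Return (accepted, reason) for one upload."""
    parts = filename.lower().split(".")
    if len(parts) < 2:
        return False, "missing extension"
    ext = parts[-1]
    if ext not in MAGIC:
        return False, f"extension .{ext} not allowed"
    # Names like shell.php.jpg are mis-handled by some server configurations;
    # only a single extension is accepted.
    if len(parts) > 2:
        return False, "multiple extensions not allowed"
    # Sanity check only: the declared type is attacker-controlled input.
    if not declared_mime.startswith("image/"):
        return False, f"declared MIME {declared_mime} is not an image"
    # The container must really be the image format the extension claims.
    if not any(data.startswith(m) for m in MAGIC[ext]):
        return False, "content does not match extension"
    # A genuine image header does not prove the body is harmless.
    if PHP_MARKERS.search(data):
        return False, "embedded PHP code detected"
    return True, "ok"
```

Returns a reason string so the rejection can be logged at the upload endpoint, which is also where a detection rule for repeated polyglot rejections by one account would hook in.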

Details

CWE(s): CWE-434 (Unrestricted Upload of File with Dangerous Type)

Affected Products: thecontrolgroup voyager ≤ 1.8.0

CVEs Like This One

CVE-2024-55415 (same product: Thecontrolgroup Voyager)
CVE-2024-56264 (shared CWE-434)
CVE-2024-56249 (shared CWE-434)
CVE-2026-4808 (shared CWE-434)
CVE-2026-22241 (shared CWE-434)
CVE-2025-23942 (shared CWE-434)
CVE-2020-36942 (shared CWE-434)
CVE-2024-57169 (shared CWE-434)
CVE-2023-53933 (shared CWE-434)
CVE-2025-68909 (shared CWE-434)

References