Cyber Resilience

CVE-2024-55417

Severity: Medium · Public PoC available

Published: 30 January 2025
Modified: 23 May 2025
KEV Added: not listed
Patch: none referenced
CVSS Score (v3.1): 4.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)
EPSS Score: 0.1776 (95.3rd percentile)
Risk Priority: 19 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-55417 is a medium-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability in Thecontrolgroup Voyager. Its CVSS base score is 4.3 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Web Shell (T1505.003). The CVE ranks in the top 4.7% of CVEs by exploit likelihood (EPSS), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

DevDojo Voyager through version 1.8.0 is vulnerable to a file-type verification bypass in its media upload handler at the /admin/media/upload endpoint. The flaw, classified as CWE-434, resides in the VoyagerMediaController: an authenticated user can supply a file whose true type is not properly enforced before it is written to storage.

An attacker with a low-privileged authenticated account can upload a web shell through this path, resulting in arbitrary code execution on the underlying server. The CVSS 4.3 vector reflects network access, low attack complexity, low privileges required and no user interaction, but scores the impact as limited integrity loss only (C:N/I:L/A:N), which understates the code execution described above.

The associated EPSS score rose from a low baseline to a peak of 0.2472 before settling at 0.1776, indicating measurable post-disclosure exploitation interest. Public references include the affected controller logic and a SonarSource analysis of Voyager weaknesses, but no official patch or mitigation guidance is provided in the available references.

Vulnerability details

DevDojo Voyager through version 1.8.0 is vulnerable to bypassing the file type verification when an authenticated user uploads a file via /admin/media/upload. An authenticated user can upload a web shell causing arbitrary code execution on the server.

CWE(s): CWE-434 Unrestricted Upload of File with Dangerous Type

Related Threats

MITRE ATT&CK Enterprise Techniques

T1505.003 Web Shell (tactic: Persistence)
Adversaries may backdoor web servers with web shells to establish persistent access to systems.
Why these techniques?

The vulnerability enables authenticated users to bypass MIME type verification in the media upload functionality, allowing the upload of polyglot web shells (e.g., PHP embedded in allowed image formats) for arbitrary code execution (T1100: Web Shell).

CVEs Like This One

CVE-2024-55415 (same product: Thecontrolgroup Voyager)
CVE-2026-22241 (shared CWE-434)
CVE-2025-23942 (shared CWE-434)
CVE-2026-4808 (shared CWE-434)
CVE-2024-56264 (shared CWE-434)
CVE-2021-35485 (shared CWE-434)
CVE-2024-56249 (shared CWE-434)
CVE-2025-46384 (shared CWE-434)
CVE-2025-13516 (shared CWE-434)
CVE-2024-13011 (shared CWE-434)

Affected Assets

thecontrolgroup / voyager, versions ≤ 1.8.0

Mitigating Controls (NIST 800-53 r5)

prevent

Directly enforces file type validation at the /admin/media/upload input point to prevent bypassing restrictions and uploading dangerous files like web shells.

prevent

Mandates identification and correction of the specific flaw in VoyagerMediaController.php that enables file type verification bypass.

prevent, detect

Scans uploaded files for malicious code such as web shells, providing defense-in-depth if file type validation fails.
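As an added illustration (this is not Voyager's code and not a patch for the project), the following Python sketches the server-side check that SI-10 calls for at an image upload endpoint: an extension allowlist, a magic-byte match against that extension, and a scan for PHP open tags that would turn an otherwise valid image into a polyglot. The function name, the allowlist and the sample inputs are assumptions constructed for the example.

```python
"""Defensive validator for image uploads: the filename, the magic bytes and
the body must all agree, and PHP code inside an 'image' is rejected.
Added example; not taken from the Voyager project."""
import os
import re

# Magic-byte signatures for the image types the upload endpoint is meant to accept.
# Decisions are made from the bytes and the name, never from the client-supplied
# Content-Type header, which the uploader controls.
MAGIC = {
    ".png": [b"\x89PNG\r\n\x1a\n"],
    ".gif": [b"GIF87a", b"GIF89a"],
    ".jpg": [b"\xff\xd8\xff"],
    ".jpeg": [b"\xff\xd8\xff"],
}
# Extensions the web server would hand to the PHP interpreter.
SCRIPT_EXTS = {".php", ".phtml", ".phar", ".php5"}
# PHP open tags; one anywhere in an image body marks a polyglot file.
PHP_TAG = re.compile(rb"<\?(php|=)|<script[^>]+language\s*=\s*['\"]?php", re.IGNORECASE)


def validate_upload(filename: str, data: bytes) -> list[str]:
    """Return the list of rejection reasons; an empty list means accept."""
    reasons = []
    name = os.path.basename(filename).lower()
    parts = name.split(".")
    ext = "." + parts[-1] if len(parts) > 1 else ""

    if ext not in MAGIC:
        reasons.append(f"extension {ext or '(none)'} not in allowlist")
    # A script extension hidden in an earlier segment (e.g. name.php.png) is rejected too.
    if any("." + p in SCRIPT_EXTS for p in parts[:-1]):
        reasons.append("server-executable extension embedded in filename")
    if ext in MAGIC and not any(data.startswith(sig) for sig in MAGIC[ext]):
        reasons.append(f"content does not match {ext} signature")
    if PHP_TAG.search(data):
        reasons.append("PHP open tag found inside file content (polyglot)")
    return reasons


if __name__ == "__main__":
    # Constructed samples: a clean PNG and a GIF header with a harmless PHP marker appended.
    clean_png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
    polyglot_gif = b"GIF89a" + b"<?php /* constructed marker */ ?>"
    print("logo.png:", validate_upload("logo.png", clean_png))
    print("avatar.gif:", validate_upload("avatar.gif", polyglot_gif))
```

Where the platform can afford it, re-encoding accepted images through an image library before storage is the stronger complement, since it discards any bytes that are not part of the picture.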

References