CyberSecurity news
@ciso2ciso.com
Three critical vulnerabilities have been discovered in the open-source PHP package Voyager, a tool used for managing Laravel applications. These flaws allow for one-click remote code execution (RCE), potentially exposing a wide range of systems to attacks. The vulnerabilities impact Voyager’s media upload feature, allowing attackers to bypass MIME type verification and upload malicious PHP code disguised as an image or video, which then executes when processed by the server. This, combined with a cross-site scripting flaw, means that an authenticated user simply clicking on a malicious link would be enough for attackers to take over the server.
The identified vulnerabilities, tracked as CVE-2024-55417, CVE-2024-55416, and CVE-2024-55415, include an arbitrary file write vulnerability, a reflected cross-site scripting (XSS) flaw and a file leak and deletion issue. These unpatched vulnerabilities pose a significant threat. The researchers at SonarSource attempted to notify the Voyager maintainers, but received no response within the 90-day disclosure window, and published details of the flaws to warn users of the potential security risk. Users are urged to exercise extreme caution while using the unpatched package.
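The upload-side checks that make the "PHP disguised as an image or video" technique described above fail, as an added example for defenders (this is not Voyager's own code; the class, method and extension list are assumed):

```php
<?php
// Added example (not Voyager's code): a defensive validator for a PHP media-upload
// endpoint. Each step closes one gap that lets a PHP file pass as an image.
declare(strict_types=1);

final class MediaUploadValidator
{
    // Extension => the only content type accepted for that extension (assumed list).
    private const ALLOWED = [
        'jpg'  => 'image/jpeg',
        'jpeg' => 'image/jpeg',
        'png'  => 'image/png',
        'gif'  => 'image/gif',
        'mp4'  => 'video/mp4',
    ];

    /**
     * Returns a safe, server-chosen file name to store the upload under, or throws.
     * $originalName is the client-supplied name; $tmpPath is the uploaded temp file.
     */
    public static function validate(string $originalName, string $tmpPath): string
    {
        // 1. Extension allowlist, taken from the LAST dot: "shell.php.jpg" -> "jpg"
        //    is judged by content below, and "x.jpg.php" -> "php" is rejected here.
        $ext = strtolower(pathinfo($originalName, PATHINFO_EXTENSION));
        if (!isset(self::ALLOWED[$ext])) {
            throw new InvalidArgumentException("extension not allowed: $ext");
        }

        // 2. Never trust $_FILES['type']; it is set by the client. Sniff the bytes.
        $finfo    = new finfo(FILEINFO_MIME_TYPE);
        $detected = $finfo->file($tmpPath);
        if ($detected !== self::ALLOWED[$ext]) {
            throw new InvalidArgumentException("content type $detected does not match .$ext");
        }

        // 3. Reject polyglots: a valid image header followed by a PHP open tag still
        //    sniffs as an image, so search the whole body for "<?php" or "<?=".
        $bytes = file_get_contents($tmpPath);
        if ($bytes === false || preg_match('/<\?(php\b|=)/i', $bytes) === 1) {
            throw new InvalidArgumentException('embedded PHP open tag detected');
        }

        // 4. Store under a random, server-generated name with the validated extension,
        //    so the client never influences the stored path or extension. The target
        //    directory should additionally have PHP execution disabled.
        return bin2hex(random_bytes(16)) . '.' . $ext;
    }
}
```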
References:
- ciso2ciso.com: PHP package Voyager flaws expose to one-click RCE exploits – Source: securityaffairs.com
- BleepingComputer: Three vulnerabilities discovered in the open-source PHP package Voyager for managing Laravel applications could be used for remote code execution attacks.
- securityaffairs.com: PHP package Voyager flaws expose to one-click RCE exploits
- The Hacker News: Unpatched PHP Voyager Flaws Leave Servers Open to One-Click RCE Exploits
- www.bleepingcomputer.com: Laravel admin package Voyager vulnerable to one-click RCE flaw
Classification:
- HashTags: #Voyager #PHP #RCE
- Company: Voyager
- Target: Laravel applications using Voyager
- Product: Voyager
- Feature: Admin interface
- Type: Vulnerability
- Severity: Critical