Open source PHP package Voyager discloses three security defects, which can be used by the attacker to achieve one -click remote cord execution in an affected instance.
“A certified Voyager user clicks a malicious link, and the attacker can execute any code on the server,” said Sonar researcher Yaniv NizRy in an article published earlier this week.
Despite the responsible disclosure on September 11, 2024, we will list the identified issues that have not been published so far.
CVE-2024-55417- “/Admin/Media/Upload” Endpoint CVE-2024-55416 Writing any file writing vulnerabilities- “/Admin/Compass” Endpoint CVE-2024 Reflected Cross Sight Section ) Vulnerability -55415- Vulnerability for any file leak and deletion
Malicious attackers upload malicious files by uploading MIME type verification by using the Voyager media upload function, and includes executable PHP code. You can use a polyglot file to process and process the server to do so. The Remote Code is executed in the PHP script.
Even if the vulnerability is chained by the CVE-2024-55416, it will lead to an important threat, and the victim clicks a malicious link will lead to code execution.
“This means that if you click on a specially created link, you can execute any JavaScript code,” NizRy explained. “As a result, the attacker can perform subsequent actions in the context of the victim.”
On the other hand, CVE-2024-55415 is related to the defects in the file management system, so the threat actor wipes any file from the system or extracts the contents of the file in combination with the XSS vulnerabilities. You can do it.
If there is no modification, we recommend that you pay attention when using the project in the application.
Source link
