CVE-2024-55415
MEDIUM NUCLEIDevDojo Voyager < 1.8.0 - Path Traversal via /admin/compass
Title source: llmExploitation Summary
CVE-2024-55415 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.
Description
DevDojo Voyager through 1.8.0 is vulnerable to path traversal at the /admin/compass.
Nuclei Templates (1)
DevDojo Voyager <=1.8.0 - Arbitrary File Read
HIGHVERIFIEDby iamnoooob,rootxharsh,pdresearch
Shodan:
title:"Voyager"
References (3)
Core 3
Core References
Product
https://github.com/thedevdojo/voyager/blob/1.6/src/Http/Controllers/VoyagerCompassController.php#L44
Exploit, Third Party Advisory
https://www.sonarsource.com/blog/the-tainted-voyage-uncovering-voyagers-vulnerabilities/
Scores
CVSS v3
5.7
EPSS
0.1443
EPSS Percentile
96.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-22
Status
published
Products (2)
tcg/voyager
0Packagist
thecontrolgroup/voyager
< 1.8.0
Published
Jan 30, 2025
Tracked Since
Feb 18, 2026