Laravel admin package Voyager vulnerable to one-click RCE flaw

Summary: Three vulnerabilities in the open-source PHP package Voyager could lead to remote code execution when an authenticated user interacts with malicious links. Reports of these vulnerabilities went unanswered by the maintainers within the 90-day disclosure period. Affected users are advised to take preventive measures as these flaws remain unpatched.

Affected: Voyager package for Laravel applications

Key points:

  • Three critical vulnerabilities, CVE-2024-55417, CVE-2024-55416, and CVE-2024-55415, were discovered that could lead to remote code execution and unauthorized file manipulation.
  • SonarSource attempted to notify Voyager maintainers through various channels but received no response before the public disclosure deadline.
  • Users are advised to limit access, implement stricter security measures, and consider alternative solutions until official patches are released.

Source: https://www.bleepingcomputer.com/news/security/laravel-admin-package-voyager-vulnerable-to-one-click-rce-flaw/