DevDojo Voyager versions 1.4.0 through 1.8.0 are vulnerable to command injection at the /admin/compass endpoint.
An authenticated administrator can execute arbitrary system commands due to improper input handling.
✅ Impacted: 1.4.0 - 1.8.0 (running on Laravel 8 and later)
🔹 Disable the Compass feature (/admin/compass) if not required.
