Lucene search

[email protected]NVD:CVE-2023-50917

HistoryDec 15, 2023 - 5:15 p.m.

CVE-2023-50917

2023-12-1517:15:12

CWE-77

[email protected]

web.nvd.nist.gov

cve-2023-50917

majordomo

command execution

thumb.php shell metacharacters

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.816

Percentile

98.4%

JSON

MajorDoMo (aka Major Domestic Module) before 0662e5e allows command execution via thumb.php shell metacharacters. NOTE: this is unrelated to the Majordomo mailing-list manager.

Affected configurations

Nvd

Node

mjdmmajordomoRange<2023-11-15

VendorProductVersionCPE
mjdmmajordomo*cpe:2.3:a:mjdm:majordomo:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mjdm	majordomo	*	cpe:2.3:a:mjdm:majordomo::::::::

References

packetstormsecurity.com/files/176273/MajorDoMo-Remote-Code-Execution.html

packetstormsecurity.com/files/176669/MajorDoMo-Command-Injection.html

seclists.org/fulldisclosure/2023/Dec/19

github.com/sergejey/majordomo/commit/0662e5ebfb133445ff6154b69c61019357092178

github.com/sergejey/majordomo/commit/3ec3ffb863ea3c2661ab27d398776c551f4daaac

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.816

Percentile

98.4%

JSON

Related for NVD:CVE-2023-50917

prion1 nuclei1 cnvd1 osv1 githubexploit1 packetstorm2 zdt2 cve1 metasploit1 cvelist1