Lucene search

GoogleOSV:CVE-2023-50917

HistoryDec 15, 2023 - 5:15 p.m.

CVE-2023-50917

2023-12-1517:15:12

Google

osv.dev

cve-2023-50917

majordomo

command execution

thumb.php

shell metacharacters

software security

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

Low

EPSS

0.816

Percentile

98.4%

JSON

MajorDoMo (aka Major Domestic Module) before 0662e5e allows command execution via thumb.php shell metacharacters. NOTE: this is unrelated to the Majordomo mailing-list manager.

References

packetstormsecurity.com/files/176273/MajorDoMo-Remote-Code-Execution.html

packetstormsecurity.com/files/176669/MajorDoMo-Command-Injection.html

seclists.org/fulldisclosure/2023/Dec/19

github.com/sergejey/majordomo/commit/0662e5ebfb133445ff6154b69c61019357092178

github.com/sergejey/majordomo/commit/3ec3ffb863ea3c2661ab27d398776c551f4daaac

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

Low

EPSS

0.816

Percentile

98.4%

JSON

Related for OSV:CVE-2023-50917