4 matches found
Exploit for CVE-2026-27180
MajorDoMo RCE !Authorhttps://img.shields.io/badge/Author-Mo...
CVE-2026-27180 MajorDoMo Supply Chain Remote Code Execution via Update URL Poisoning
MajorDoMo aka Major Domestic Module is vulnerable to unauthenticated remote code execution through supply chain compromise via update URL poisoning. The saverestore module exposes its admin method through the /objects/?module=saverestore endpoint without authentication because it uses gr'mode'...
CVE-2026-27180
CVE-2026-27180 — MajorDoMo supply chain RCE : Affected MajorDoMo allows unauthenticated remote code execution via a poisoned update URL. The saverestore admin endpoint at /objects/?module=saverestore is exposed because gr('mode') reads from $_REQUEST instead of the framework’s mode, enabling an a...
PT-2026-20516
MajorDoMo aka Major Domestic Module is vulnerable to unauthenticated remote code execution through supply chain compromise via update URL poisoning. The saverestore module exposes its admin method through the /objects/?module=saverestore endpoint without authentication because it uses gr'mode'...