Balgogan

**Name of the Vulnerable Software and Affected Versions** MajorDoMo version before 0662e5e **Description** The issue is related to the `thumb.php` module in MajorDoMo, which allows command execution via shell metacharacters. This can be exploited by a remote attacker to execute arbitrary commands. The vulnerability is unrelated to the Majordomo mailing-list manager. Attackers could compromise physical security systems, gain unauthorized access to surveillance cameras, and even hijack other connected IoT devices. **Recommendations** For MajorDoMo version before 0662e5e, consider disabling the `thumb.php` module until a patch is available to prevent command execution via shell metacharacters. Restrict access to the `thumb` module to minimize the risk of exploitation. Avoid using the `thumb.php` module in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.