CVE-2023-50917

Name of the Vulnerable Software and Affected Versions MajorDoMo version before 0662e5e

Description The issue is related to the thumb.php module in MajorDoMo, which allows command execution via shell metacharacters. This can be exploited by a remote attacker to execute arbitrary commands. The vulnerability is unrelated to the Majordomo mailing-list manager. Attackers could compromise physical security systems, gain unauthorized access to surveillance cameras, and even hijack other connected IoT devices.

Recommendations For MajorDoMo version before 0662e5e, consider disabling the thumb.php module until a patch is available to prevent command execution via shell metacharacters. Restrict access to the thumb module to minimize the risk of exploitation. Avoid using the thumb.php module in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.