CVE-2011-0049

NUCLEI

Majordomo <20110131 - Path Traversal

Title source: llm

Description

Directory traversal vulnerability in the _list_file_get function in lib/Majordomo.pm in Majordomo 2 before 20110131 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the help command, as demonstrated using (1) a crafted email and (2) cgi-bin/mj_wwwusr in the web interface.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Michael Brooks · textremotemultiple
https://www.exploit-db.com/exploits/16103

Nuclei Templates (1)

Majordomo2 - SMTP/HTTP Directory Traversal
MEDIUMby pikpikcu

References (13)

Scores

EPSS 0.9058
EPSS Percentile 99.6%

Details

CWE
CWE-22
Status published
Products (30)
mj2/majordomo_2 20110101
mj2/majordomo_2 20110102
mj2/majordomo_2 20110103
mj2/majordomo_2 20110104
mj2/majordomo_2 20110105
mj2/majordomo_2 20110106
mj2/majordomo_2 20110107
mj2/majordomo_2 20110108
mj2/majordomo_2 20110109
mj2/majordomo_2 20110110
... and 20 more
Published Feb 04, 2011
Tracked Since Feb 18, 2026