CVE-2023-50917

CRITICAL EXPLOITED NUCLEI

Mjdm Majordomo < 2023-11-15 - Command Injection

Title source: rule

Description

MajorDoMo (aka Major Domestic Module) before 0662e5e allows command execution via thumb.php shell metacharacters. NOTE: this is unrelated to the Majordomo mailing-list manager.

Exploits (3)

nomisec WORKING POC 14 stars
by Chocapikk · remote
https://github.com/Chocapikk/CVE-2023-50917
vulncheck_xdb WRITEUP
remote
https://github.com/Chocapikk/Chocapikk
metasploit WORKING POC EXCELLENT
by Valentin Lobstein, smcintyre-r7 · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/majordomo_cmd_inject_cve_2023_50917.rb

Nuclei Templates (1)

MajorDoMo thumb.php - OS Command Injection
CRITICALVERIFIEDby DhiyaneshDK
Shodan: http.favicon.hash:1903390397
FOFA: app="MajordomoSL" || app="majordomosl" || icon_hash=1903390397

References (5)

Scores

CVSS v3 9.8
EPSS 0.9264
EPSS Percentile 99.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2025-10-17
CWE
CWE-77
Status published
Products (1)
mjdm/majordomo < 2023-11-15
Published Dec 15, 2023
Tracked Since Feb 18, 2026