CVE-2023-50917

Severity: CRITICAL · Exploited in the wild · Nuclei template available

MajorDoMo < 2023-11-15 - Remote Code Execution via thumb.php Shell Metacharacters

Title source: LLM-generated

Exploitation Summary

CVE-2023-50917 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks three public exploit entries (two working PoCs and one writeup) from Valentin Lobstein (Chocapikk) and smcintyre-r7, including the Metasploit module exploits/linux/http/majordomo_cmd_inject_cve_2023_50917. A Nuclei detection template is also available.

AI-analyzed exploit summary: The Chocapikk repository contains a functional exploit for CVE-2023-50917, an unauthenticated RCE vulnerability in MajorDoMo's thumb.php module. The exploit leverages unsanitized input in the 'transport' parameter to inject arbitrary shell commands via a crafted HTTP request.

Description

MajorDoMo (aka Major Domestic Module) before 0662e5e allows command execution via thumb.php shell metacharacters. NOTE: this is unrelated to the Majordomo mailing-list manager.

Exploits (3)

nomisec · WORKING POC · 14 stars
by Chocapikk (Valentin Lobstein) · remote
https://github.com/Chocapikk/CVE-2023-50917


Classification: Working PoC (95%)
Attack type: RCE
Complexity: Trivial
Reliability: Reliable
Target: MajorDoMo (version not specified)
Authentication: none required
Prerequisites: network access to the vulnerable MajorDoMo instance; MajorDoMo with the vulnerable thumb.php module exposed
Analyzed by devstral-2 on Feb 19, 2026
vulncheck_xdb · WRITEUP
remote
https://github.com/Chocapikk/Chocapikk

This repository is a personal profile page for Valentin Lobstein (Chocapikk), a security researcher, listing their CVE contributions, including CVE-2023-50917. It does not contain exploit code but provides links to external resources (e.g., GitHub repos, blogs) for further details on vulnerabilities.

Classification: Writeup (90%)
Attack type: Other
Complexity: N/A
Reliability: N/A
Target: N/A
Authentication: none required
Analyzed by devstral-2 on Feb 25, 2026
metasploit · WORKING POC · rank Excellent
by Valentin Lobstein, smcintyre-r7 · Ruby PoC
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/majordomo_cmd_inject_cve_2023_50917.rb

This Metasploit module exploits the command injection in MajorDoMo by sending a crafted GET request to the thumb.php endpoint; shell metacharacters in the 'transport' parameter give arbitrary command execution on the host. The module's check method is time-based: it injects a sleep command and confirms the target is vulnerable by the corresponding delay in the response.

Classification: Working PoC (100%)
Attack type: RCE
Complexity: Trivial
Reliability: Reliable
Target: MajorDoMo versions before commit 0662e5e
Authentication: none required
Prerequisites: network access to the target's HTTP service
Analyzed by devstral-2 on Feb 19, 2026
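The exploit entries above all describe the same bug shape: an unauthenticated GET to thumb.php whose 'transport' parameter carries shell metacharacters (CWE-77). A defender who cannot patch immediately can at least hunt for that shape in web-server access logs. The following is an added example written for this page, not code from the Chocapikk repository or the Metasploit module. It assumes combined/common access-log format and matches on the file name thumb.php regardless of directory; the sample log lines are constructed, and the injected parameter value in them is illustrative only, since the page does not give the exploit's exact parameter encoding.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Shell metacharacters that have no business in a thumbnail "transport" name.
# CWE-77: any of these reaching a shell-built command string is the bug class.
SHELL_METACHARS = re.compile(r"[;|&`$(){}<>\n]")

# Common/combined log format: we only need the request target and status.
LOG_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')


def is_suspicious_request(target: str) -> bool:
    """True if the request targets thumb.php and its 'transport' parameter
    contains shell metacharacters after URL decoding (double decoding is
    handled so a %25-encoded payload is not missed)."""
    parts = urlsplit(target)
    if not parts.path.endswith("thumb.php"):
        return False
    params = parse_qs(parts.query, keep_blank_values=True)
    for value in params.get("transport", []):
        decoded = unquote(value)  # parse_qs decoded once; undo a second layer
        if SHELL_METACHARS.search(decoded):
            return True
    return False


def scan_access_log(lines):
    """Return (line_number, request_target) for every suspicious request."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = LOG_RE.search(line)
        if m and is_suspicious_request(m.group("target")):
            hits.append((n, m.group("target")))
    return hits


# Constructed sample log lines (not real traffic). The directory prefix
# /modules/thumb/ and the payload encoding are assumptions for illustration.
SAMPLE_LOG = [
    '203.0.113.5 - - [19/Feb/2026:10:01:02 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [19/Feb/2026:10:01:05 +0000] "GET /modules/thumb/thumb.php?url=aHR0cDovL2V4YW1wbGUvYS5qcGc%3D&transport=http HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [19/Feb/2026:10:02:11 +0000] "GET /modules/thumb/thumb.php?url=aHR0cDovL2V4YW1wbGUvYS5qcGc%3D&transport=%3Bsleep%205 HTTP/1.1" 200 0 "-" "python-requests/2.31"',
]

if __name__ == "__main__":
    for line_no, target in scan_access_log(SAMPLE_LOG):
        print(f"line {line_no}: suspicious thumb.php request: {target}")
```

Only the third constructed line is flagged: the benign transport=http request on line two passes, while the value on line three decodes to a string starting with a semicolon. Because the Metasploit check uses a sleep-based probe, a long gap between request and response on a thumb.php hit is a useful secondary signal when correlating with response-time fields.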

Nuclei Templates (1)

MajorDoMo thumb.php - OS Command Injection
CRITICAL · VERIFIED · by DhiyaneshDK
Shodan: http.favicon.hash:1903390397
FOFA: app="MajordomoSL" || app="majordomosl" || icon_hash=1903390397

Scores

CVSS v3.1 base score: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack vector: NETWORK
EPSS: 0.9264 (99.8th percentile)

Details

VulnCheck KEV: 2025-10-17
CWE: CWE-77 (Improper Neutralization of Special Elements used in a Command, 'Command Injection')
Status: published
Products (1): mjdm/majordomo < 2023-11-15
Published: Dec 15, 2023
Tracked since: Feb 18, 2026