What is CVE-2023-50917?

CVE-2023-50917 is a vulnerability in N/a. Published 2023-12-15.

Is CVE-2023-50917 known to be exploited?

6 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2023-50917

MajorDoMo (aka Major Domestic Module) before 0662e5e allows command execution via thumb.php shell metacharacters. NOTE: this is unrelated to the Majordomo mailing-list manager.

EPSS: 0.926 (99.8th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

Chocapikk/CVE-2023-50917
rapid7/metasploit-framework
Chocapikk/Chocapikk
Chocapikk/My-CVEs
Chocapikk/msf-exploit-collection
nomi-sec/PoC-in-GitHub

References

github.com/sergejey/majordomo/commit/0662e5ebfb133445ff6154b69c61019357092178
github.com/sergejey/majordomo/commit/3ec3ffb863ea3c2661ab27d398776c551f4daaac
20231219 Disclosure of CVE-2023-50917: RCE Vulnerability in MajorDoM (mailing-list)
packetstormsecurity.com/files/176273/MajorDoMo-Remote-Code-Execution.html
packetstormsecurity.com/files/176669/MajorDoMo-Command-Injection.html

Frequently asked questions

What is CVE-2023-50917?: CVE-2023-50917 is a vulnerability in N/a. Published 2023-12-15.
Is CVE-2023-50917 known to be exploited?: 6 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.