Sergejey Majordomo
8 CVEs affecting Sergejey Majordomo. Latest disclosed: 2026-02-18. Critical: 3, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-27180 | Critical | 9.8 | 2026-02-18 | MajorDoMo (aka Major Domestic Module) is vulnerable to unauthenticated remote code execution through supply chain compromise via update URL poisoning. The save… |
CVE-2026-27175 | Critical | 9.8 | 2026-02-18 | MajorDoMo (aka Major Domestic Module) is vulnerable to unauthenticated OS command injection via rc/index.php. The $param variable from user input is interpolat… |
CVE-2026-27174 | Critical | 9.8 | 2026-02-18 | MajorDoMo (aka Major Domestic Module) allows unauthenticated remote code execution via the admin panel's PHP console feature. An include order bug in modules/p… |
CVE-2026-27179 | High | 8.2 | 2026-02-18 | MajorDoMo (aka Major Domestic Module) contains an unauthenticated SQL injection vulnerability in the commands module. The commands_search.inc.php file directly… |
CVE-2026-27181 | High | 7.5 | 2026-02-18 | MajorDoMo (aka Major Domestic Module) allows unauthenticated arbitrary module uninstallation through the market module. The market module's admin() method read… |
CVE-2026-27178 | High | 7.2 | 2026-02-18 | MajorDoMo (aka Major Domestic Module) contains a stored cross-site scripting (XSS) vulnerability through method parameter injection into the shoutbox. The /obj… |
CVE-2026-27177 | High | 7.2 | 2026-02-18 | MajorDoMo (aka Major Domestic Module) contains a stored cross-site scripting (XSS) vulnerability via the /objects/?op=set endpoint, which is intentionally unau… |
CVE-2026-27176 | Medium | 6.1 | 2026-02-18 | MajorDoMo (aka Major Domestic Module) contains a reflected cross-site scripting (XSS) vulnerability in command.php. The $qry parameter is rendered directly int… |