Vulnerability Information
Vulnerability Title
MajorDoMo Supply Chain Remote Code Execution via Update URL Poisoning
Vulnerability Description
MajorDoMo (aka Major Domestic Module) is vulnerable to unauthenticated remote code execution through supply chain compromise via update URL poisoning. The saverestore module exposes its admin() method through the /objects/?module=saverestore endpoint without authentication because it uses gr('mode') (which reads directly from $_REQUEST) instead of the framework's $this->mode. An attacker can poison the system update URL via the auto_update_settings mode handler, then trigger the force_update handler to initiate the update chain. The autoUpdateSystem() method fetches an Atom feed from the attacker-controlled URL with trivial validation, downloads a tarball via curl with TLS verification disabled (CURLOPT_SSL_VERIFYPEER set to FALSE), extracts it using exec('tar xzvf ...'), and copies all extracted files to the document root using copyTree(). This allows an attacker to deploy arbitrary PHP files, including webshells, to the webroot with two GET requests.
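An added detection example (not part of the original advisory or the MajorDoMo code base): it scans web access logs for the two saverestore requests described above, an auto_update_settings call followed by force_update from the same client. The combined log format, the sample lines, the function names and the 10-minute window are assumptions.

```python
import re
from datetime import datetime, timedelta
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format, documentation IP ranges).
SAMPLE_LOG = """\
198.51.100.7 - - [12/Mar/2025:10:15:02 +0000] "GET /objects/?module=saverestore&mode=auto_update_settings HTTP/1.1" 200 512
192.0.2.10 - - [12/Mar/2025:10:15:30 +0000] "GET /objects/?object=lamp&op=get HTTP/1.1" 200 64
198.51.100.7 - - [12/Mar/2025:10:15:41 +0000] "GET /objects/?mode=force_update&module=saverestore HTTP/1.1" 200 2048
203.0.113.5 - - [12/Mar/2025:11:00:00 +0000] "POST /objects/ HTTP/1.1" 200 10
"""

WATCHED = {"auto_update_settings", "force_update"}  # mode handlers named in the advisory
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+) [^"]*" \d{3}')

def saverestore_hits(log_text):
    """Return (time, client, mode) for each request that reaches a watched saverestore mode."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, ts, target = m.groups()
        url = urlsplit(target)
        query = parse_qs(url.query)  # decodes URL-encoded values; order of parameters is irrelevant
        if not url.path.rstrip("/").endswith("/objects") or "saverestore" not in query.get("module", []):
            continue
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        hits += [(when, ip, mode) for mode in query.get("mode", []) if mode in WATCHED]
    return hits

def update_chains(hits, window=timedelta(minutes=10)):
    """Pair a settings change with a later force_update from the same client within the window."""
    chains, last_settings = [], {}
    for when, ip, mode in sorted(hits):
        if mode == "auto_update_settings":
            last_settings[ip] = when
        elif ip in last_settings and when - last_settings[ip] <= window:
            chains.append((ip, last_settings[ip], when))
    return chains

if __name__ == "__main__":
    for ip, changed, forced in update_chains(saverestore_hits(SAMPLE_LOG)):
        print(f"{ip}: update settings changed {changed}, update forced {forced}")
```

Only query-string parameters are visible in access logs; because gr('mode') reads from $_REQUEST, the same modes sent in a request body need body-level logging to be seen. Any single hit from an unexpected client is worth reviewing even when no chain is paired.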
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
Download of Code Without Integrity Check
Vulnerability Title
MajorDoMo Security Vulnerability
Vulnerability Description
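MajorDoMo is an open-source DIY smart home automation platform from the MajorDoMo community. MajorDoMo contains a security vulnerability that stems from the saverestore module exposing its admin() method through the /objects/?module=saverestore endpoint without authentication. An attacker can poison the system update URL and then trigger the force_update handler to start the update chain; the method fetches an Atom feed from the attacker-controlled URL, downloads a tarball, extracts it, and copies all extracted files to the document root, which may lead to remote code execution.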
CVSS Information
N/A
Vulnerability Type
N/A