CVE-2026-27180

MajorDoMo · Major Domestic Module (MajorDoMo)

MajorDoMo is vulnerable to unauthenticated remote code execution via update URL poisoning, allowing an attacker to force the system to download and extract a malicious update package.

Executive summary

A critical supply chain vulnerability in MajorDoMo allows unauthenticated attackers to hijack the system update process and deploy webshells by poisoning the update URL.

Vulnerability

This unauthenticated RCE vulnerability exists in the saverestore module. An attacker can use a crafted request to change the system's update URL to a malicious server, then trigger a "force update" that downloads and extracts an unverified tarball containing arbitrary PHP files into the webroot.

Business impact

This vulnerability is assigned a CVSS score of 9.8 due to the ease with which an attacker can achieve full system compromise. By poisoning the update mechanism, an attacker can gain persistent access through webshells, bypass all traditional security controls, and effectively own the entire MajorDoMo environment and its data.

Remediation

Immediate Action: Update to the latest version of MajorDoMo, which includes improved authentication checks and secure update verification.

Proactive Monitoring: Monitor network traffic for outbound connections to unknown or suspicious update servers and check the webroot for newly created or modified PHP files.

Compensating Controls: Use egress filtering to restrict the server's ability to communicate with unauthorized external IP addresses and implement file integrity monitoring (FIM).
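The following is an added illustration of what "secure update verification" means for this bug class; it is not MajorDoMo's own code, and the allow-listed host, the out-of-band digest and the tarball layout are assumptions constructed for the example. It gates an update on three checks before anything reaches the webroot: the update URL must be HTTPS to an allow-listed host (so a poisoned URL setting is ignored), the package must match a pinned digest, and no archive member may use an absolute path, a `..` component or a link.

```python
import hashlib
import io
import tarfile
from urllib.parse import urlparse

# Constructed assumptions: the only host updates may be fetched from, and a
# release digest published out of band (e.g. a signed manifest), not the URL itself.
ALLOWED_UPDATE_HOSTS = {"updates.example.invalid"}

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def update_url_is_allowed(url: str) -> bool:
    """Gate 1: a (possibly poisoned) update URL must be HTTPS to an allow-listed host."""
    p = urlparse(url)
    return p.scheme == "https" and p.hostname in ALLOWED_UPDATE_HOSTS

def unsafe_members(package: bytes) -> list:
    """Gate 3: archive entries that would escape the extraction root (absolute path
    or '..' component) or plant links; any hit means the tarball is not extracted."""
    bad = []
    with tarfile.open(fileobj=io.BytesIO(package), mode="r:*") as tar:
        for m in tar.getmembers():
            if m.name.startswith("/") or ".." in m.name.split("/") or not (m.isfile() or m.isdir()):
                bad.append(m.name)
    return bad

def verify_update(url: str, package: bytes, expected_sha256: str) -> tuple:
    """Run every check before a byte is written to the webroot; returns (ok, reason)."""
    if not update_url_is_allowed(url):
        return False, "update URL not on allow-list"
    if sha256_hex(package) != expected_sha256.lower():   # Gate 2: pinned digest
        return False, "package digest mismatch"
    bad = unsafe_members(package)
    if bad:
        return False, "unsafe archive members: " + ", ".join(bad)
    return True, "ok"

def make_tar(files: dict) -> bytes:
    """Build a small gzip tarball in memory (test fixture only, not the real update format)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

if __name__ == "__main__":
    evil = make_tar({"../shell.php": b"<?php /* constructed malicious payload */\n"})
    print(verify_update("https://updates.example.invalid/v1.tgz", evil, sha256_hex(evil)))
```

The digest check only helps when the expected value comes from somewhere the attacker cannot rewrite through the same unauthenticated request, which is why it is pinned separately from the URL setting.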

Exploitation status

Public Exploit Available: No

Analyst recommendation

The ability to redirect system updates to a malicious source is a severe architectural flaw. Organizations must apply the latest security updates immediately. Furthermore, ensure that the system is not exposed to the public internet without additional layers of authentication, such as a reverse proxy or VPN.