CVE-2011-0049

Exp

Directory traversal vulnerability in the _list_file_get function in lib/Majordomo.pm in Majordomo 2 before 20110131 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the help command, as demonstrated using (1) a crafted email and (2) cgi-bin/mj_wwwusr in the web interface.

Published: 2011-02-04 Last update: 2026-04-29 Assigner: [email protected] Source: [email protected]

NVD Status：Modified，CVE State: published

View at NVD, CVE.org, EUVD

Threat Intelligence & Risk Assessment for CVE-2011-0049

EPSS CVSS CWE Exploit-DB Affected

Conclusion & alert: CVE-2011-0049 is rated High Exploit Risk (69.2/100): CVSS Medium severity, with high exploitation likelihood (EPSS 90.58%, 100th percentile). Core evidence: 4 public exploit reference(s) are indexed (Exploit-DB). Mandatory action: Public exploits are available—assess exposure, apply mitigations, and prioritize patching.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Public exploit references (Exploit-DB) for CVE-2011-0049

EDB-ID	Source	Kind	Published	Link
16103	exploit_db	edb	2011-02-03	Exploit-DB ↗
—	nvd_ref	exploit_tag		Exploit-DB ↗
—	nvd_ref	exploit_tag		Exploit-DB ↗
—	nvd_ref	exploit_tag		Exploit-DB ↗

Exploit prediction scoring system (EPSS) score for CVE-2011-0049

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2026-03-02	91.27%	90.58%	-0.69%
2	2025-03-30	91.60%	91.27%	-0.33%
3	2025-03-29	—	91.60%	—

Full EPSS history (15 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2011-0049

CVSS metrics for this CVE.

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
5.0	2.0	MEDIUM	`AV:N/AC:L/Au:N/C:P/I:N/A:N` Click to expand Access vector (AV:N) Can be exploited remotely over network reachability. Access complexity (AC:L) Exploitation conditions are straightforward and predictable. Authentication (AU:N) No authentication is required. Confidentiality impact (C:P) Partial confidentiality impact. Integrity impact (I:N) No integrity impact. Availability impact (A:N) No availability impact.	10.0	2.9	[email protected]

Weakness enumeration for CVE-2011-0049

CWE-22 MITRE ↗

Affected software / configurations for CVE-2011-0049

Vendor	Product	Version	Raw CPE
mj2	majordomo_2	<= 20110130	cpe:2.3:a:mj2:majordomo_2::::::::
mj2	majordomo_2	20110101	cpe:2.3:a:mj2:majordomo_2:20110101:::::::*
mj2	majordomo_2	20110102	cpe:2.3:a:mj2:majordomo_2:20110102:::::::*
mj2	majordomo_2	20110103	cpe:2.3:a:mj2:majordomo_2:20110103:::::::*
mj2	majordomo_2	20110104	cpe:2.3:a:mj2:majordomo_2:20110104:::::::*
mj2	majordomo_2	20110105	cpe:2.3:a:mj2:majordomo_2:20110105:::::::*
mj2	majordomo_2	20110106	cpe:2.3:a:mj2:majordomo_2:20110106:::::::*
mj2	majordomo_2	20110107	cpe:2.3:a:mj2:majordomo_2:20110107:::::::*
mj2	majordomo_2	20110108	cpe:2.3:a:mj2:majordomo_2:20110108:::::::*
mj2	majordomo_2	20110109	cpe:2.3:a:mj2:majordomo_2:20110109:::::::*
mj2	majordomo_2	20110110	cpe:2.3:a:mj2:majordomo_2:20110110:::::::*
mj2	majordomo_2	20110111	cpe:2.3:a:mj2:majordomo_2:20110111:::::::*
mj2	majordomo_2	20110112	cpe:2.3:a:mj2:majordomo_2:20110112:::::::*
mj2	majordomo_2	20110113	cpe:2.3:a:mj2:majordomo_2:20110113:::::::*
mj2	majordomo_2	20110114	cpe:2.3:a:mj2:majordomo_2:20110114:::::::*
mj2	majordomo_2	20110115	cpe:2.3:a:mj2:majordomo_2:20110115:::::::*
mj2	majordomo_2	20110116	cpe:2.3:a:mj2:majordomo_2:20110116:::::::*
mj2	majordomo_2	20110117	cpe:2.3:a:mj2:majordomo_2:20110117:::::::*
mj2	majordomo_2	20110118	cpe:2.3:a:mj2:majordomo_2:20110118:::::::*
mj2	majordomo_2	20110119	cpe:2.3:a:mj2:majordomo_2:20110119:::::::*
mj2	majordomo_2	20110120	cpe:2.3:a:mj2:majordomo_2:20110120:::::::*
mj2	majordomo_2	20110121	cpe:2.3:a:mj2:majordomo_2:20110121:::::::*
mj2	majordomo_2	20110122	cpe:2.3:a:mj2:majordomo_2:20110122:::::::*
mj2	majordomo_2	20110123	cpe:2.3:a:mj2:majordomo_2:20110123:::::::*
mj2	majordomo_2	20110124	cpe:2.3:a:mj2:majordomo_2:20110124:::::::*
mj2	majordomo_2	20110125	cpe:2.3:a:mj2:majordomo_2:20110125:::::::*
mj2	majordomo_2	20110126	cpe:2.3:a:mj2:majordomo_2:20110126:::::::*
mj2	majordomo_2	20110127	cpe:2.3:a:mj2:majordomo_2:20110127:::::::*
mj2	majordomo_2	20110128	cpe:2.3:a:mj2:majordomo_2:20110128:::::::*
mj2	majordomo_2	20110129	cpe:2.3:a:mj2:majordomo_2:20110129:::::::*

References for CVE-2011-0049

URL	Tags
http://osvdb.org/70762
http://secunia.com/advisories/43125	Vendor Advisory
http://securityreason.com/securityalert/8061
http://www.exploit-db.com/exploits/16103
http://www.kb.cert.org/vuls/id/363726	US Government Resource
http://www.securityfocus.com/archive/1/516150/100/0/threaded
http://www.securityfocus.com/bid/46127	Exploit
http://www.securitytracker.com/id?1025024
http://www.vupen.com/english/advisories/2011/0288
https://bug628064.bugzilla.mozilla.org/attachment.cgi?id=506481	Patch
https://bugzilla.mozilla.org/show_bug.cgi?id=628064	Exploit Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/65113
https://sitewat.ch/en/Advisory/View/1	Exploit URL Repurposed

cvelogic Threat Intelligence