CVE-2018-13336

2018-11-27T21:29:00
ID CVE-2018-13336
Type cve
Reporter cve@mitre.org
Modified 2019-10-03T00:03:00

Description

System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "pwd" parameter during user creation.