Command injection

2018-11-2721:29:00

PRIOn knowledge base

www.prio-n.com

9.8 High

AI Score

Confidence

High

0.952 High

EPSS

Percentile

99.3%

JSON

System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the “pwd” parameter during user creation.

CPENameOperatorVersion
terramaster_operating_systemeq3.1.03

CPE	Name	Operator	Version
	terramaster_operating_system	eq	3.1.03

References

blog.securityevaluators.com/vulnerabilities-in-terramaster-tos-3-1-03-fb99cf88b86a