CVE-2020-28187

Multiple directory traversal vulnerabilities in TerraMaster TOS = 4.2.06 allow remote authenticated attackers to read, edit or delete any file within the filesystem via the 1 filename parameter to /tos/index.php?editor/fileGet, Event parameter to /include/ajax/logtable.php, or opt parameter to...