Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-79rv-cc85-5qhh

Опубликовано: 24 мая 2022
Источник: github
Github: Не прошло ревью

Описание

Multiple directory traversal vulnerabilities in TerraMaster TOS <= 4.2.06 allow remote authenticated attackers to read, edit or delete any file within the filesystem via the (1) filename parameter to /tos/index.php?editor/fileGet, Event parameter to /include/ajax/logtable.php, or opt parameter to /include/core/index.php.

Multiple directory traversal vulnerabilities in TerraMaster TOS <= 4.2.06 allow remote authenticated attackers to read, edit or delete any file within the filesystem via the (1) filename parameter to /tos/index.php?editor/fileGet, Event parameter to /include/ajax/logtable.php, or opt parameter to /include/core/index.php.

Ссылки

EPSS

Процентиль: 98%
0.64157
Средний

CVE ID

CVE-2020-28187

Дефекты

CWE-22

Связанные уязвимости

nvd логотип

CVE-2020-28187

CVSS3: 9.8
nvd
около 5 лет назад

Multiple directory traversal vulnerabilities in TerraMaster TOS <= 4.2.06 allow remote authenticated attackers to read, edit or delete any file within the filesystem via the (1) filename parameter to /tos/index.php?editor/fileGet, Event parameter to /include/ajax/logtable.php, or opt parameter to /include/core/index.php.

EPSS

Процентиль: 98%
0.64157
Средний

CVE ID

CVE-2020-28187

Дефекты

CWE-22