Описание
TerraMaster TOS before 4.1.29 has Invalid Parameter Checking that leads to code injection as root. This is a dynamic class method invocation vulnerability in include/exportUser.php, in which an attacker can trigger a call to the exec method with (for example) OS commands in the opt parameter.
Ссылки
- ProductVendor Advisory
- ExploitThird Party Advisory
- ProductVendor Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 4.1.29 (исключая)
cpe:2.3:o:terra-master:tos:*:*:*:*:*:*:*:*
EPSS
Процентиль: 100%
0.93438
Критический
9.8 Critical
CVSS3
10 Critical
CVSS2
Дефекты
CWE-913
Связанные уязвимости
github
больше 3 лет назад
TerraMaster TOS before 4.1.29 has Invalid Parameter Checking that leads to code injection as root. This is a dynamic class method invocation vulnerability in include/exportUser.php, in which an attacker can trigger a call to the exec method with (for example) OS commands in the opt parameter.
EPSS
Процентиль: 100%
0.93438
Критический
9.8 Critical
CVSS3
10 Critical
CVSS2
Дефекты
CWE-913