Command Injection Vulnerability in TerraMaster TOS 3.1.03: Execute System Commands via groupname Parameter
CVE-2018-13330 · HIGH Severity
AV:N/AC:L/AU:S/C:C/I:C/A:C
System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands during group creation via the "groupname" parameter.
Learn more about our Web Application Penetration Testing UK.