Command Injection Vulnerability in TerraMaster TOS 3.1.03: Execute System Commands via groupname Parameter

Command Injection Vulnerability in TerraMaster TOS 3.1.03: Execute System Commands via groupname Parameter

CVE-2018-13330 · HIGH Severity

AV:N/AC:L/AU:S/C:C/I:C/A:C

System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands during group creation via the "groupname" parameter.

Learn more about our Web Application Penetration Testing UK.