Command Injection in TerraMaster TOS 3.1.03: Remote Code Execution via ajaxdata.php
CVE-2018-13338 · HIGH Severity
AV:N/AC:L/AU:N/C:C/I:C/A:C
System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "username" parameter during user creation.
Learn more about our User Device Pen Test.