Command Injection in TerraMaster TOS 3.1.03: Remote Code Execution via ajaxdata.php

CVE-2018-13338 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:C/A:C

System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "username" parameter during user creation.

Learn more about our User Device Pen Test.