Showing 1 - 1 of 1

CVE-2020-28188

Status Candidate

Overview

Remote Command Execution (RCE) vulnerability in TerraMaster TOS <= 4.2.06 allow remote unauthenticated attackers to inject OS commands via /include/makecvs.php in Event parameter.

Related Files

TerraMaster TOS 4.2.06 Remote Code Execution: Posted Jun 12, 2023; Authored by IHTeam, h00die-gr3y | Site metasploit.com; This Metasploit module exploits an unauthenticated remote code execution vulnerability in TerraMaster TOS versions 4.2.06 and below via shell metacharacters in the Event parameter at vulnerable endpoint include/makecvs.php during CSV creation. Any unauthenticated user can therefore execute commands on the system under the same privileges as the web application, which typically runs under root at the TerraMaster Operating System.; tags | exploit, remote, web, shell, root, php, code execution; advisories | CVE-2020-28188, CVE-2020-35665; SHA-256 | 8935d1e9f61d6f9eb3550ec44e1a8a5d97992b91e55a7456ae2af009097db539; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 294 files
Ubuntu 63 files
Debian 34 files
Gentoo 32 files
LiquidWorm 10 files
malvuln 7 files
nu11secur1ty 7 files
Ahmet Umit Bayram 4 files
Adam Gowdiak 4 files
gabe_k 3 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,038)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,499)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,583)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,746)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,492)
UNIX (9,397)
UnixWare (187)
Windows (6,657)
Other

CVE-2020-28188

Overview

Related Files

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems