Terra-Master: Security Vulnerabilities
Incorrect access control on ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to elevate user permissions.
CVSS Score
8.8
EPSS Score
0.005
Published
2018-11-27
Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing Shared Folders via JavaScript in Shared Folders' names.
CVSS Score
5.4
EPSS Score
0.002
Published
2018-11-27
System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "checkName" parameter.
CVSS Score
8.8
EPSS Score
0.204
Published
2018-11-27
Cross-site scripting in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "lines" URL parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-11-27
Cross-site scripting in handle.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "options[sysname]" parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-11-27
Session Fixation in the web application for TerraMaster TOS version 3.1.03 allows attackers to control users' session cookies via JavaScript.
CVSS Score
5.4
EPSS Score
0.002
Published
2018-11-27
Shell metacharacter injection vulnerability in /usr/www/include/ajax/GetTest.php in TerraMaster TOS before 3.0.34 leads to remote code execution as root.
CVSS Score
9.8
EPSS Score
0.062
Published
2017-09-15
Page 5