Critical severity9.8NVD Advisory· Published Nov 27, 2018· Updated Jun 17, 2026
CVE-2018-13336
CVE-2018-13336
Description
System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "pwd" parameter during user creation.
Affected products
2= 3.1.03+ 1 more
- (no CPE)range: = 3.1.03
- (no CPE)range: 3.1.03
Patches
Vulnerability mechanics
References
1- blog.securityevaluators.com/vulnerabilities-in-terramaster-tos-3-1-03-fb99cf88b86anvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.