Unrated severityNVD Advisory· Published Jan 30, 2021· Updated Aug 4, 2024
CVE-2020-15568
CVE-2020-15568
Description
TerraMaster TOS before 4.1.29 has Invalid Parameter Checking that leads to code injection as root. This is a dynamic class method invocation vulnerability in include/exportUser.php, in which an attacker can trigger a call to the exec method with (for example) OS commands in the opt parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- TerraMaster/TOSdescription
- Range: <4.1.29
Patches
Vulnerability mechanics
References
2- help.terra-master.com/TOS/view/mitrex_refsource_MISC
- ssd-disclosure.com/ssd-advisory-terramaster-os-exportuser-php-remote-code-execution/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.