漏洞描述
TerraMaster TOS 4.1.29具有无效的参数检查,攻击者可以使用opt参数中的OS命令(例如)触发对exec方法的调用。
TerraMaster TOS exportUser.php 远程命令执行(CVE-2020-15568)
PoC代码
暂无相关漏洞推荐
-
CVE-2020-15568: TerraMaster TOS v4.1.24 RCE POC
2025-09-01 | TerraMaster TOSTerraMaster TOS before 4.1.29 has Invalid Parameter Checking that leads to code injection as root. T... -
CVE-2020-28185: TerraMaster TOS 用户枚举漏洞 POC
2025-09-01 | TerraMaster TOSTerraMaster TOS 存在用户枚举漏洞,通过wizard/initialise.php页面的username参数即可枚举系统中的用户,以及泄露邮箱信息 fofa: "TerraMa... -
CVE-2020-28187: TerraMaster TOS 后台任意文件读取漏洞 CVE-2020-28187 POC
2025-09-01 | TerraMaster TOSTerraMaster TOS <= 4.2.06中的多个目录遍历漏洞允许远程身份验证的攻击者通过/tos/index.php?editor/fileGet路径下的filename参数、 /in... -
CVE-2020-10199: Nexus Repository before 3.21.2 allows JavaEL Injection POC
2025-09-01 | Nexus Repository漏洞触发需要任意账户权限 body="Nexus Repository Manager" app="Nexus-Repository-Manager" -
CVE-2020-11455: LimeSurvey 4.1.11 - Path Traversal POC
2025-09-01 | LimeSurveyLimeSurvey before 4.1.12+200324 contains a path traversal vulnerability in application/controllers/a...