PT-2018-11770 · Terramaster · Terramaster Tos
Published
2018-11-27
·
Updated
2018-12-19
·
CVE-2018-13350
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
TerraMaster TOS version 3.1.03
Description
The issue allows attackers to execute SQL queries via the
Event parameter in the logtable.php file. This can potentially lead to unauthorized access to sensitive data.Recommendations
For TerraMaster TOS version 3.1.03, avoid using the
Event parameter in the logtable.php file until a patch is available. As a temporary workaround, consider restricting access to the logtable.php file to minimize the risk of exploitation.Exploit
Fix
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Terramaster Tos