mirror of
https://github.com/0xMarcio/cve.git
synced 2026-05-14 23:28:04 +02:00
0xMarcio
1.2 KiB
1.2 KiB
CVE-2022-24989
Description
TerraMaster NAS through 4.2.30 allows remote WAN attackers to execute arbitrary code as root via the raidtype and diskstring parameters for PHP Object Instantiation to the api.php?mobile/createRaid URI. (Shell metacharacters can be placed in raidtype because popen is used without any sanitization.) The credentials from CVE-2022-24990 exploitation can be used.
POC
Reference
- https://attackerkb.com/topics/h8YKVKx21t/cve-2022-24990
- https://packetstormsecurity.com/files/172904
Github
- https://github.com/0day404/vulnerability-poc
- https://github.com/ARPSyndicate/cvemon
- https://github.com/ArrestX/--POC
- https://github.com/KayCHENvip/vulnerability-poc
- https://github.com/Miraitowa70/POC-Notes
- https://github.com/Threekiii/Awesome-POC
- https://github.com/d4n-sec/d4n-sec.github.io
- https://github.com/h00die-gr3y/Metasploit