mirror of
https://github.com/0xMarcio/cve.git
synced 2026-05-13 22:32:09 +02:00
marc
1.0 KiB
1.0 KiB
CVE-2020-15568
Description
TerraMaster TOS before 4.1.29 has Invalid Parameter Checking that leads to code injection as root. This is a dynamic class method invocation vulnerability in include/exportUser.php, in which an attacker can trigger a call to the exec method with (for example) OS commands in the opt parameter.
POC
Reference
No PoCs from references.
Github
- https://github.com/20142995/Goby
- https://github.com/ARPSyndicate/cvemon
- https://github.com/ARPSyndicate/kenzer-templates
- https://github.com/HimmelAward/Goby_POC
- https://github.com/Z0fhack/Goby_POC
- https://github.com/divinepwner/TerraMaster-TOS-CVE-2020-15568
- https://github.com/n0bugz/CVE-2020-15568
- https://github.com/sobinge/nuclei-templates