Vulnerabilities > Asustor > Data Master > High

DATE CVE VULNERABILITY TITLE RISK
2018-12-04 CVE-2018-12307 OS Command Injection vulnerability in Asustor Data Master 3.1.1
OS command injection in user.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root via the "name" POST parameter.
network
low complexity
asustor CWE-78
8.8
2018-12-04 CVE-2018-12306 Path Traversal vulnerability in Asustor Data Master 3.1.1
Directory Traversal in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to view arbitrary files by modifying the "file1" URL parameter, a similar issue to CVE-2018-11344.
network
low complexity
asustor CWE-22
7.5
2018-08-27 CVE-2018-15694 Path Traversal vulnerability in Asustor Data Master
ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to upload files to arbitrary locations due to a path traversal vulnerability.
network
high complexity
asustor CWE-22
7.5