Vulnerabilities > Terra Master > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-11-27 | CVE-2018-13356 | Incorrect Authorization vulnerability in Terra-Master Terramaster Operating System 3.1.03 Incorrect access control on ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to elevate user permissions. | 9.0 |
| 2018-11-27 | CVE-2018-13354 | OS Command Injection vulnerability in Terra-Master Terramaster Operating System 3.1.03 System command injection in logtable.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "Event" parameter. | 10.0 |
| 2018-11-27 | CVE-2018-13353 | OS Command Injection vulnerability in Terra-Master Terramaster Operating System 3.1.03 System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute commands via the "checkport" parameter. | 9.0 |
| 2018-11-27 | CVE-2018-13338 | OS Command Injection vulnerability in Terra-Master Terramaster Operating System 3.1.03 System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "username" parameter during user creation. | 10.0 |
| 2018-11-27 | CVE-2018-13336 | OS Command Injection vulnerability in Terra-Master Terramaster Operating System 3.1.03 System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "pwd" parameter during user creation. | 10.0 |
| 2018-11-27 | CVE-2018-13330 | OS Command Injection vulnerability in Terra-Master Terramaster Operating System 3.1.03 System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands during group creation via the "groupname" parameter. | 9.0 |
| 2017-09-15 | CVE-2017-9328 | OS Command Injection vulnerability in Terra-Master Terramaster Operating System Shell metacharacter injection vulnerability in /usr/www/include/ajax/GetTest.php in TerraMaster TOS before 3.0.34 leads to remote code execution as root. | 10.0 |