Full title: TerraMaster TOS 4.2.06 Remote Code Execution Exploit 
Category: remote exploits
Platform: unix
This Metasploit module exploits an unauthenticated remote code execution vulnerability in TerraMaster TOS versions 4.2.06 and below via shell metacharacters in the Event parameter at vulnerable endpoint include/makecvs.php during CSV creation. Any unauthenticated user can therefore execute commands on the system under the same privileges as the web application, which typically runs under root at the TerraMaster Operating System.

# 0day.today @ http://0day.today/