Show filters
3 Total Results
Displaying 1-3 of 3
Sort by:
Attacker Value
Very High
CVE-2020-28188
Disclosure Date: December 24, 2020 (last updated January 29, 2021)
Remote Command Execution (RCE) vulnerability in TerraMaster TOS <= 4.2.06 allow remote unauthenticated attackers to inject OS commands via /include/makecvs.php in Event parameter.
4
Attacker Value
Very High
CVE-2020-7961
Disclosure Date: March 20, 2020 (last updated January 29, 2021)
Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary code via JSON web services (JSONWS).
5
Attacker Value
Very High
CVE-2020-35665
Disclosure Date: December 23, 2020 (last updated October 07, 2023)
An unauthenticated command-execution vulnerability exists in TerraMaster TOS through 4.2.06 via shell metacharacters in the Event parameter in include/makecvs.php during CSV creation.
2