CVE-2020-35665 | TerraMaster TOS up to 4.2.06 CSV include/makecvs.php Event os command injection (EDB-49330)
A vulnerability was found in TerraMaster TOS up to 4.2.06. It has been classified as very critical. Affected is an unknown function of the file include/makecvs.php of the component CSV Handler. The manipulation of the argument Event leads to os command injection.
This vulnerability is traded as CVE-2020-35665. It is possible to launch the attack remotely. Furthermore, there is an exploit available.