Skip to main content
CVE-2020-28188 CRITICAL POC THREAT Emergency

Remote Command Execution (RCE) vulnerability in TerraMaster TOS <= 4.2.06 allow remote unauthenticated attackers to inject OS commands via /include/makecvs.php in Event parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP Tos
NVD
CVSS 3.1
9.8
EPSS
96.6%
CVE-2020-26282 CRITICAL POC PATCH Act Now

BrowserUp Proxy allows you to manipulate HTTP requests and responses, capture HTTP content, and export performance data as a HAR file. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java RCE Browserup Proxy
NVD GitHub
CVSS 3.1
10.0
EPSS
4.6%
CVE-2020-29474 CRITICAL POC Act Now

EGavilan Media EGM Address Book 1.0 contains a SQL injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE SQLi Egm Address Book
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
4.1%
CVE-2020-29472 CRITICAL POC Act Now

EGavilan Media Under Construction page with cPanel 1.0 contains a SQL injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE SQLi Under Construction Page With Cpanel
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
4.1%
CVE-2020-28187 CRITICAL POC THREAT Act Now

Multiple directory traversal vulnerabilities in TerraMaster TOS <= 4.2.06 allow remote authenticated attackers to read, edit or delete any file within the filesystem via the (1) filename parameter to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Tos
NVD
CVSS 3.1
9.8
EPSS
16.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy