Security Advisory
CVE-2018-13418
CVE vulnerability detail — eXtreme Datacenter Security Operations
Description
System command injection in ajaxdata.php in TerraMaster TOS 3.1.03 allows attackers to execute system commands via the "newname" parameter.