Design/Logic Flaw

2020-12-2415:15:00

PRIOn knowledge base

www.prio-n.com

7.5 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.5%

JSON

Email Injection in TerraMaster TOS <= 4.2.06 allows remote unauthenticated attackers to abuse the forget password functionality and achieve account takeover.

CPENameOperatorVersion
tosle4.2.06

CPE	Name	Operator	Version
	tos	le	4.2.06

References

www.ihteam.net/advisory/terramaster-tos-multiple-vulnerabilities/

www.terra-master.com/