nvd-json-data-feeds/CVE-2022/CVE-2022-249xx/CVE-2022-24989.json

{
  "id": "CVE-2022-24989",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2023-08-20T18:15:09.523",
  "lastModified": "2023-08-21T12:47:18.157",
  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
      "lang": "en",
      "value": "TerraMaster NAS through 4.2.30 allows remote WAN attackers to execute arbitrary code as root via the raidtype and diskstring parameters for PHP Object Instantiation to the api.php?mobile/createRaid URI. (Shell metacharacters can be placed in raidtype because popen is used without any sanitization.) The credentials from CVE-2022-24990 exploitation can be used."
    }
  ],
  "metrics": {},
  "references": [
    {
      "url": "https://attackerkb.com/topics/h8YKVKx21t/cve-2022-24990",
      "source": "cve@mitre.org"
    },
    {
      "url": "https://forum.terra-master.com/en/viewforum.php?f=28",
      "source": "cve@mitre.org"
    },
    {
      "url": "https://github.com/0xf4n9x/CVE-2022-24990",
      "source": "cve@mitre.org"
    },
    {
      "url": "https://octagon.net/blog/2022/03/07/cve-2022-24990-terrmaster-tos-unauthenticated-remote-command-execution-via-php-object-instantiation",
      "source": "cve@mitre.org"
    },
    {
      "url": "https://packetstormsecurity.com/files/172904",
      "source": "cve@mitre.org"
    }
  ]
}
Auto-Update: 2023-08-20T20:00:29.595789+00:00 2023-08-20 20:00:33 +00:00			`{`
			`"id": "CVE-2022-24989",`
			`"sourceIdentifier": "cve@mitre.org",`
			`"published": "2023-08-20T18:15:09.523",`
Auto-Update: 2023-08-21T14:00:29.661992+00:00 2023-08-21 14:00:33 +00:00			`"lastModified": "2023-08-21T12:47:18.157",`
			`"vulnStatus": "Awaiting Analysis",`
Auto-Update: 2023-08-20T20:00:29.595789+00:00 2023-08-20 20:00:33 +00:00			`"descriptions": [`
			`{`
			`"lang": "en",`
			`"value": "TerraMaster NAS through 4.2.30 allows remote WAN attackers to execute arbitrary code as root via the raidtype and diskstring parameters for PHP Object Instantiation to the api.php?mobile/createRaid URI. (Shell metacharacters can be placed in raidtype because popen is used without any sanitization.) The credentials from CVE-2022-24990 exploitation can be used."`
			`}`
			`],`
			`"metrics": {},`
			`"references": [`
			`{`
			`"url": "https://attackerkb.com/topics/h8YKVKx21t/cve-2022-24990",`
			`"source": "cve@mitre.org"`
			`},`
			`{`
			`"url": "https://forum.terra-master.com/en/viewforum.php?f=28",`
			`"source": "cve@mitre.org"`
			`},`
			`{`
			`"url": "https://github.com/0xf4n9x/CVE-2022-24990",`
			`"source": "cve@mitre.org"`
			`},`
			`{`
			`"url": "https://octagon.net/blog/2022/03/07/cve-2022-24990-terrmaster-tos-unauthenticated-remote-command-execution-via-php-object-instantiation",`
			`"source": "cve@mitre.org"`
			`},`
			`{`
			`"url": "https://packetstormsecurity.com/files/172904",`
			`"source": "cve@mitre.org"`
			`}`
			`]`
			`}`