CVE-2020-28186

High

Email Injection in TerraMaster TOS <= 4.2.06 allows remote unauthenticated attackers to abuse the forget password functionality and achieve…

mitre·CWE-640·Published 2020-12-24

CVSS

7.3

EPSS

0.04

KEV

Exploits

cve.orgen

157 chars

Email Injection in TerraMaster TOS <= 4.2.06 allows remote unauthenticated attackers to abuse the forget password functionality and achieve account takeover.

NVDen

157 chars

Email Injection in TerraMaster TOS <= 4.2.06 allows remote unauthenticated attackers to abuse the forget password functionality and achieve account takeover.

Una Inyección de correo electrónico en TerraMaster TOS versiones anteriores a 4.2.06 incluyéndola, permite a atacantes remotos no autenticados abusar de la funcionalidad forget password y lograr la toma de control de la cuenta

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P
3.1	Primary	NVD	7.3	3.9	3.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L