This module exploits an unauthenticated remote code-execution vulnerability in TerraMaster TOS 4.2.06
and lower via shell metacharacters in the Event parameter at vulnerable endpoint `include/makecvs.php`
during CSV creation.
Any unauthenticated user can therefore execute commands on the system under the same privileges as the
web application, which typically runs under root at the TerraMaster Operating System.
msf > use exploit/linux/http/terramaster_unauth_rce_cve_2020_35665
msf exploit(terramaster_unauth_rce_cve_2020_35665) > show targets
...targets...
msf exploit(terramaster_unauth_rce_cve_2020_35665) > set TARGET < target-id >
msf exploit(terramaster_unauth_rce_cve_2020_35665) > show options
...show and set options...
msf exploit(terramaster_unauth_rce_cve_2020_35665) > exploit