Taocms
by Taogo
CVEs (15)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-33350 | 0.01 | — | 0.08 | Apr 29, 2024 | Directory Traversal vulnerability in TaoCMS v.3.0.2 allows a remote attacker to execute arbitrary code and obtain sensitive information via the include/model/file.php component. | |||
| CVE-2020-20725 | 0.00 | — | 0.00 | Jun 20, 2023 | Cross Site Scripting vulnerability in taogogo taoCMS v.2.5 beta5.1 allows remote attacker to execute arbitrary code via the name field in admin.php. | |||
| CVE-2023-1947 | 0.00 | — | 0.00 | Apr 7, 2023 | A vulnerability was found in taoCMS 3.0.2. It has been classified as critical. Affected is an unknown function of the file /admin/admin.php. The manipulation leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and… | |||
| CVE-2021-34167 | 0.00 | — | 0.00 | Feb 24, 2023 | Cross Site Request Forgery (CSRF) vulnerability in taoCMS 3.0.2 allows remote attackers to gain escalated privileges via taocms/admin/admin.php. | |||
| CVE-2022-48006 | 0.00 | — | 0.01 | Jan 30, 2023 | An arbitrary file upload vulnerability in taocms v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file. This vulnerability is exploited via manipulation of the upext variable at /include/Model/Upload.php. | |||
| CVE-2022-46998 | 0.00 | — | 0.00 | Jan 25, 2023 | An issue in the website background of taocms v3.0.2 allows attackers to execute a Server-Side Request Forgery (SSRF). | |||
| CVE-2022-36261 | 0.00 | — | 0.01 | Aug 23, 2022 | An arbitrary file deletion vulnerability was discovered in taocms 3.0.2, that allows attacker to delete file in server when request url admin.php?action=file&ctrl=del&path=/../../../test.txt | |||
| CVE-2022-36262 | 0.00 | — | 0.01 | Aug 15, 2022 | An issue was discovered in taocms 3.0.2. in the website settings that allows arbitrary php code to be injected by modifying config.php. | |||
| CVE-2021-44983 | 0.00 | — | 0.01 | Feb 4, 2022 | In taocms 3.0.1 after logging in to the background, there is an Arbitrary file download vulnerability at the File Management column. | |||
| CVE-2021-46204 | 0.00 | — | 0.00 | Jan 19, 2022 | Taocms v3.0.2 was discovered to contain an arbitrary file read vulnerability via the path parameter. SQL injection vulnerability via taocms\include\Model\Article.php. | |||
| CVE-2021-46203 | 0.00 | — | 0.00 | Jan 19, 2022 | Taocms v3.0.2 was discovered to contain an arbitrary file read vulnerability via the path parameter. | |||
| CVE-2021-45014 | 0.00 | — | 0.00 | Dec 14, 2021 | There is an upload sql injection vulnerability in the background of taocms 3.0.2 in parameter id:action=cms&ctrl=update&id=26 | |||
| CVE-2021-25785 | 0.00 | — | 0.00 | Dec 2, 2021 | Taocms v2.5Beta5 was discovered to contain a cross-site scripting (XSS) vulnerability via the component Management column. | |||
| CVE-2021-25784 | 0.00 | — | 0.00 | Dec 2, 2021 | Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulnerability via the function Edit Article. | |||
| CVE-2019-7720 | 0.00 | — | 0.00 | Feb 11, 2019 | taocms through 2014-05-24 allows eval injection by placing PHP code in the install.php db_name parameter and then making a config.php request. |
- CVE-2024-33350Apr 29, 2024risk 0.01cvss —epss 0.08
Directory Traversal vulnerability in TaoCMS v.3.0.2 allows a remote attacker to execute arbitrary code and obtain sensitive information via the include/model/file.php component.
- CVE-2020-20725Jun 20, 2023risk 0.00cvss —epss 0.00
Cross Site Scripting vulnerability in taogogo taoCMS v.2.5 beta5.1 allows remote attacker to execute arbitrary code via the name field in admin.php.
- CVE-2023-1947Apr 7, 2023risk 0.00cvss —epss 0.00
A vulnerability was found in taoCMS 3.0.2. It has been classified as critical. Affected is an unknown function of the file /admin/admin.php. The manipulation leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and…
- CVE-2021-34167Feb 24, 2023risk 0.00cvss —epss 0.00
Cross Site Request Forgery (CSRF) vulnerability in taoCMS 3.0.2 allows remote attackers to gain escalated privileges via taocms/admin/admin.php.
- CVE-2022-48006Jan 30, 2023risk 0.00cvss —epss 0.01
An arbitrary file upload vulnerability in taocms v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file. This vulnerability is exploited via manipulation of the upext variable at /include/Model/Upload.php.
- CVE-2022-46998Jan 25, 2023risk 0.00cvss —epss 0.00
An issue in the website background of taocms v3.0.2 allows attackers to execute a Server-Side Request Forgery (SSRF).
- CVE-2022-36261Aug 23, 2022risk 0.00cvss —epss 0.01
An arbitrary file deletion vulnerability was discovered in taocms 3.0.2, that allows attacker to delete file in server when request url admin.php?action=file&ctrl=del&path=/../../../test.txt
- CVE-2022-36262Aug 15, 2022risk 0.00cvss —epss 0.01
An issue was discovered in taocms 3.0.2. in the website settings that allows arbitrary php code to be injected by modifying config.php.
- CVE-2021-44983Feb 4, 2022risk 0.00cvss —epss 0.01
In taocms 3.0.1 after logging in to the background, there is an Arbitrary file download vulnerability at the File Management column.
- CVE-2021-46204Jan 19, 2022risk 0.00cvss —epss 0.00
Taocms v3.0.2 was discovered to contain an arbitrary file read vulnerability via the path parameter. SQL injection vulnerability via taocms\include\Model\Article.php.
- CVE-2021-46203Jan 19, 2022risk 0.00cvss —epss 0.00
Taocms v3.0.2 was discovered to contain an arbitrary file read vulnerability via the path parameter.
- CVE-2021-45014Dec 14, 2021risk 0.00cvss —epss 0.00
There is an upload sql injection vulnerability in the background of taocms 3.0.2 in parameter id:action=cms&ctrl=update&id=26
- CVE-2021-25785Dec 2, 2021risk 0.00cvss —epss 0.00
Taocms v2.5Beta5 was discovered to contain a cross-site scripting (XSS) vulnerability via the component Management column.
- CVE-2021-25784Dec 2, 2021risk 0.00cvss —epss 0.00
Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulnerability via the function Edit Article.
- CVE-2019-7720Feb 11, 2019risk 0.00cvss —epss 0.00
taocms through 2014-05-24 allows eval injection by placing PHP code in the install.php db_name parameter and then making a config.php request.