VYPR
Vendor

Taocms

Products
1
CVEs
17
Across products
17
Status
Private

Products

1

Recent CVEs

17
  • CVE-2022-48006CriJan 30, 2023
    risk 0.64cvss 9.8epss 0.01

    An arbitrary file upload vulnerability in taocms v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file. This vulnerability is exploited via manipulation of the upext variable at /include/Model/Upload.php.

  • CVE-2022-46998CriJan 26, 2023
    risk 0.64cvss 9.8epss 0.01

    An issue in the website background of taocms v3.0.2 allows attackers to execute a Server-Side Request Forgery (SSRF).

  • CVE-2022-36262CriAug 15, 2022
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in taocms 3.0.2. in the website settings that allows arbitrary php code to be injected by modifying config.php.

  • CVE-2022-25505CriMar 21, 2022
    risk 0.64cvss 9.8epss 0.01

    Taocms v3.0.2 was discovered to contain a SQL injection vulnerability via the id parameter in \include\Model\Category.php.

  • CVE-2022-25578CriMar 18, 2022
    risk 0.64cvss 9.8epss 0.02

    taocms v3.0.2 allows attackers to execute code injection via arbitrarily editing the .htaccess file.

  • CVE-2021-46204CriJan 19, 2022
    risk 0.64cvss 9.8epss 0.01

    Taocms v3.0.2 was discovered to contain an arbitrary file read vulnerability via the path parameter. SQL injection vulnerability via taocms\include\Model\Article.php.

  • CVE-2021-45014CriDec 14, 2021
    risk 0.64cvss 9.8epss 0.01

    There is an upload sql injection vulnerability in the background of taocms 3.0.2 in parameter id:action=cms&ctrl=update&id=26

  • CVE-2022-36261CriAug 23, 2022
    risk 0.59cvss 9.1epss 0.01

    An arbitrary file deletion vulnerability was discovered in taocms 3.0.2, that allows attacker to delete file in server when request url admin.php?action=file&ctrl=del&path=/../../../test.txt

  • CVE-2021-45015CriDec 14, 2021
    risk 0.59cvss 9.1epss 0.01

    taocms 3.0.2 is vulnerable to arbitrary file deletion via taocms\include\Model\file.php from line 60 to line 72.

  • CVE-2022-23380HigMar 1, 2022
    risk 0.57cvss 8.8epss 0.01

    There is a SQL injection vulnerability in the background of taocms 3.0.2 in parameter id:action=admin&id=2&ctrl=edit.

  • CVE-2022-23387HigMar 1, 2022
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in taocms 3.0.2. This is a SQL blind injection that can obtain database data through the Comment Update field.

  • CVE-2021-44915HigJul 5, 2022
    risk 0.47cvss 7.2epss 0.01

    Taocms 3.0.2 was discovered to contain a blind SQL injection vulnerability via the function Edit category.

  • CVE-2021-46203MedJan 19, 2022
    risk 0.42cvss 6.5epss 0.01

    Taocms v3.0.2 was discovered to contain an arbitrary file read vulnerability via the path parameter.

  • CVE-2023-1947MedApr 7, 2023
    risk 0.41cvss 6.3epss 0.01

    A vulnerability was found in taoCMS 3.0.2. It has been classified as critical. Affected is an unknown function of the file /admin/admin.php. The manipulation leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and…

  • CVE-2023-34654MedJul 5, 2023
    risk 0.40cvss 6.1epss 0.00

    taocms <=3.0.2 is vulnerable to Cross Site Scripting (XSS).

  • CVE-2021-44983MedFeb 4, 2022
    risk 0.32cvss 4.9epss 0.01

    In taocms 3.0.1 after logging in to the background, there is an Arbitrary file download vulnerability at the File Management column.

  • CVE-2022-23316MedFeb 4, 2022
    risk 0.32cvss 4.9epss 0.01

    An issue was discovered in taoCMS v3.0.2. There is an arbitrary file read vulnerability that can read any files via admin.php?action=file&ctrl=download&path=../../1.txt.