Taocms
Products
1- 17 CVEs
Recent CVEs

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-48006 | | Cri | 0.64 | 9.8 | 0.01 | | Jan 30, 2023 | An arbitrary file upload vulnerability in taocms v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file. This vulnerability is exploited via manipulation of the upext variable at /include/Model/Upload.php. |
| CVE-2022-46998 | | Cri | 0.64 | 9.8 | 0.01 | | Jan 26, 2023 | An issue in the website background of taocms v3.0.2 allows attackers to execute a Server-Side Request Forgery (SSRF). |
| CVE-2022-36262 | | Cri | 0.64 | 9.8 | 0.01 | | Aug 15, 2022 | An issue was discovered in taocms 3.0.2. in the website settings that allows arbitrary php code to be injected by modifying config.php. |
| CVE-2022-25505 | | Cri | 0.64 | 9.8 | 0.01 | | Mar 21, 2022 | Taocms v3.0.2 was discovered to contain a SQL injection vulnerability via the id parameter in \include\Model\Category.php. |
| CVE-2022-25578 | | Cri | 0.64 | 9.8 | 0.02 | | Mar 18, 2022 | taocms v3.0.2 allows attackers to execute code injection via arbitrarily editing the .htaccess file. |
| CVE-2021-46204 | | Cri | 0.64 | 9.8 | 0.01 | | Jan 19, 2022 | Taocms v3.0.2 was discovered to contain an arbitrary file read vulnerability via the path parameter. SQL injection vulnerability via taocms\include\Model\Article.php. |
| CVE-2021-45014 | | Cri | 0.64 | 9.8 | 0.01 | | Dec 14, 2021 | There is an upload sql injection vulnerability in the background of taocms 3.0.2 in parameter id:action=cms&ctrl=update&id=26 |
| CVE-2022-36261 | | Cri | 0.59 | 9.1 | 0.01 | | Aug 23, 2022 | An arbitrary file deletion vulnerability was discovered in taocms 3.0.2, that allows attacker to delete file in server when request url admin.php?action=file&ctrl=del&path=/../../../test.txt |
| CVE-2021-45015 | | Cri | 0.59 | 9.1 | 0.01 | | Dec 14, 2021 | taocms 3.0.2 is vulnerable to arbitrary file deletion via taocms\include\Model\file.php from line 60 to line 72. |
| CVE-2022-23380 | | Hig | 0.57 | 8.8 | 0.01 | | Mar 1, 2022 | There is a SQL injection vulnerability in the background of taocms 3.0.2 in parameter id:action=admin&id=2&ctrl=edit. |
| CVE-2022-23387 | | Hig | 0.49 | 7.5 | 0.01 | | Mar 1, 2022 | An issue was discovered in taocms 3.0.2. This is a SQL blind injection that can obtain database data through the Comment Update field. |
| CVE-2021-44915 | | Hig | 0.47 | 7.2 | 0.01 | | Jul 5, 2022 | Taocms 3.0.2 was discovered to contain a blind SQL injection vulnerability via the function Edit category. |
| CVE-2021-46203 | | Med | 0.42 | 6.5 | 0.01 | | Jan 19, 2022 | Taocms v3.0.2 was discovered to contain an arbitrary file read vulnerability via the path parameter. |
| CVE-2023-1947 | | Med | 0.41 | 6.3 | 0.01 | | Apr 7, 2023 | A vulnerability was found in taoCMS 3.0.2. It has been classified as critical. Affected is an unknown function of the file /admin/admin.php. The manipulation leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and… |
| CVE-2023-34654 | | Med | 0.40 | 6.1 | 0.00 | | Jul 5, 2023 | taocms <=3.0.2 is vulnerable to Cross Site Scripting (XSS). |
| CVE-2021-44983 | | Med | 0.32 | 4.9 | 0.01 | | Feb 4, 2022 | In taocms 3.0.1 after logging in to the background, there is an Arbitrary file download vulnerability at the File Management column. |
| CVE-2022-23316 | | Med | 0.32 | 4.9 | 0.01 | | Feb 4, 2022 | An issue was discovered in taoCMS v3.0.2. There is an arbitrary file read vulnerability that can read any files via admin.php?action=file&ctrl=download&path=../../1.txt. |