Total
24 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-1947 | 1 Taogogo | 1 Taocms | 2024-04-11 | 6.5 MEDIUM | 9.8 CRITICAL |
| A vulnerability was found in taoCMS 3.0.2. It has been classified as critical. Affected is an unknown function of the file /admin/admin.php. The manipulation leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-225330 is the identifier assigned to this vulnerability. | |||||
| CVE-2022-36262 | 1 Taogogo | 1 Taocms | 2024-02-14 | N/A | 9.8 CRITICAL |
| An issue was discovered in taocms 3.0.2. in the website settings that allows arbitrary php code to be injected by modifying config.php. | |||||
| CVE-2022-25578 | 1 Taogogo | 1 Taocms | 2024-02-14 | 7.5 HIGH | 9.8 CRITICAL |
| taocms v3.0.2 allows attackers to execute code injection via arbitrarily editing the .htaccess file. | |||||
| CVE-2023-34654 | 1 Taogogo | 1 Taocms | 2023-12-10 | N/A | 6.1 MEDIUM |
| taocms <=3.0.2 is vulnerable to Cross Site Scripting (XSS). | |||||
| CVE-2020-20725 | 1 Taogogo | 1 Taocms | 2023-12-10 | N/A | 6.1 MEDIUM |
| Cross Site Scripting vulnerability in taogogo taoCMS v.2.5 beta5.1 allows remote attacker to execute arbitrary code via the name field in admin.php. | |||||
| CVE-2022-46998 | 1 Taogogo | 1 Taocms | 2023-12-10 | N/A | 9.8 CRITICAL |
| An issue in the website background of taocms v3.0.2 allows attackers to execute a Server-Side Request Forgery (SSRF). | |||||
| CVE-2021-34167 | 1 Taogogo | 1 Taocms | 2023-12-10 | N/A | 8.8 HIGH |
| Cross Site Request Forgery (CSRF) vulnerability in taoCMS 3.0.2 allows remote attackers to gain escalated privileges via taocms/admin/admin.php. | |||||
| CVE-2022-48006 | 1 Taogogo | 1 Taocms | 2023-12-10 | N/A | 9.8 CRITICAL |
| An arbitrary file upload vulnerability in taocms v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file. This vulnerability is exploited via manipulation of the upext variable at /include/Model/Upload.php. | |||||
| CVE-2022-36261 | 1 Taogogo | 1 Taocms | 2023-12-10 | N/A | 9.1 CRITICAL |
| An arbitrary file deletion vulnerability was discovered in taocms 3.0.2, that allows attacker to delete file in server when request url admin.php?action=file&ctrl=del&path=/../../../test.txt | |||||
| CVE-2021-44915 | 1 Taogogo | 1 Taocms | 2023-12-10 | 6.5 MEDIUM | 7.2 HIGH |
| Taocms 3.0.2 was discovered to contain a blind SQL injection vulnerability via the function Edit category. | |||||
| CVE-2022-23880 | 1 Taogogo | 1 Taocms | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| An arbitrary file upload vulnerability in the File Management function module of taoCMS v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2022-23380 | 1 Taogogo | 1 Taocms | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
| There is a SQL injection vulnerability in the background of taocms 3.0.2 in parameter id:action=admin&id=2&ctrl=edit. | |||||
| CVE-2022-25505 | 1 Taogogo | 1 Taocms | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Taocms v3.0.2 was discovered to contain a SQL injection vulnerability via the id parameter in \include\Model\Category.php. | |||||
| CVE-2021-44969 | 1 Taogogo | 1 Taocms | 2023-12-10 | 3.5 LOW | 4.8 MEDIUM |
| Taocms v3.0.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Management Column component. | |||||
| CVE-2021-25784 | 1 Taogogo | 1 Taocms | 2023-12-10 | 6.5 MEDIUM | 7.2 HIGH |
| Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulnerability via the function Edit Article. | |||||
| CVE-2021-44983 | 1 Taogogo | 1 Taocms | 2023-12-10 | 4.0 MEDIUM | 4.9 MEDIUM |
| In taocms 3.0.1 after logging in to the background, there is an Arbitrary file download vulnerability at the File Management column. | |||||
| CVE-2022-23316 | 1 Taogogo | 1 Taocms | 2023-12-10 | 4.0 MEDIUM | 4.9 MEDIUM |
| An issue was discovered in taoCMS v3.0.2. There is an arbitrary file read vulnerability that can read any files via admin.php?action=file&ctrl=download&path=../../1.txt. | |||||
| CVE-2021-45014 | 1 Taogogo | 1 Taocms | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| There is an upload sql injection vulnerability in the background of taocms 3.0.2 in parameter id:action=cms&ctrl=update&id=26 | |||||
| CVE-2021-25785 | 1 Taogogo | 1 Taocms | 2023-12-10 | 3.5 LOW | 4.8 MEDIUM |
| Taocms v2.5Beta5 was discovered to contain a cross-site scripting (XSS) vulnerability via the component Management column. | |||||
| CVE-2021-46204 | 1 Taogogo | 1 Taocms | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Taocms v3.0.2 was discovered to contain an arbitrary file read vulnerability via the path parameter. SQL injection vulnerability via taocms\include\Model\Article.php. | |||||