CVE-2022-36261

2022-08-2312:46:47

mitre

www.cve.org

cve-2022-36261

taocms 3.0.2

file deletion

server vulnerability

admin.php action

test.txt

AI Score

9.3

Confidence

High

EPSS

0.001

Percentile

42.0%

JSON

An arbitrary file deletion vulnerability was discovered in taocms 3.0.2, that allows attacker to delete file in server when request url admin.php?action=file&ctrl=del&path=/…/…/…/test.txt

References

github.com/chasingboy/cms-pentest/blob/main/taocms-arbitrary-file-deletion-vulnerability.md

github.com/chasingboy/cms-pentest/blob/main/taocms-arbitrary-file-deletion-vulnerability.md?by=xboy%28topsec%29