Taocms Security Vulnerabilities

CVE-2023-34654

taocms <=3.0.2 is vulnerable to Cross Site Scripting...

CVE-2020-20725

Cross Site Scripting vulnerability in taogogo taoCMS v.2.5 beta5.1 allows remote attacker to execute arbitrary code via the name field in...

CVE-2023-1947

A vulnerability was found in taoCMS 3.0.2. It has been classified as critical. Affected is an unknown function of the file /admin/admin.php. The manipulation leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used....

CVE-2021-34167

Cross Site Request Forgery (CSRF) vulnerability in taoCMS 3.0.2 allows remote attackers to gain escalated privileges via...

CVE-2022-48006

An arbitrary file upload vulnerability in taocms v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file. This vulnerability is exploited via manipulation of the upext variable at...

CVE-2022-46998

An issue in the website background of taocms v3.0.2 allows attackers to execute a Server-Side Request Forgery...

CVE-2019-7720

taocms through 2014-05-24 allows eval injection by placing PHP code in the install.php db_name parameter and then making a config.php...

CVE-2022-36261

An arbitrary file deletion vulnerability was discovered in taocms 3.0.2, that allows attacker to delete file in server when request url...

CVE-2022-36262

An issue was discovered in taocms 3.0.2. in the website settings that allows arbitrary php code to be injected by modifying...

CVE-2021-44915

Taocms 3.0.2 was discovered to contain a blind SQL injection vulnerability via the function Edit...

CVE-2022-23880

An arbitrary file upload vulnerability in the File Management function module of taoCMS v3.0.2 allows attackers to execute arbitrary code via a crafted PHP...

CVE-2022-25505

Taocms v3.0.2 was discovered to contain a SQL injection vulnerability via the id parameter in...

CVE-2022-25578

taocms v3.0.2 allows attackers to execute code injection via arbitrarily editing the .htaccess...

CVE-2022-23387

An issue was discovered in taocms 3.0.2. This is a SQL blind injection that can obtain database data through the Comment Update...

CVE-2022-23380

There is a SQL injection vulnerability in the background of taocms 3.0.2 in parameter...

CVE-2021-44969

Taocms v3.0.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Management Column...

CVE-2021-44983

In taocms 3.0.1 after logging in to the background, there is an Arbitrary file download vulnerability at the File Management...

CVE-2022-23316

An issue was discovered in taoCMS v3.0.2. There is an arbitrary file read vulnerability that can read any files via...

CVE-2021-46204

Taocms v3.0.2 was discovered to contain an arbitrary file read vulnerability via the path parameter. SQL injection vulnerability via...

CVE-2021-46203

Taocms v3.0.2 was discovered to contain an arbitrary file read vulnerability via the path...

CVE-2021-45015

taocms 3.0.2 is vulnerable to arbitrary file deletion via taocms\include\Model\file.php from line 60 to line...

CVE-2021-45014

There is an upload sql injection vulnerability in the background of taocms 3.0.2 in parameter...

CVE-2021-25783

Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulnerability via the function Article...

CVE-2021-25784

Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulnerability via the function Edit...

CVE-2021-25785

Taocms v2.5Beta5 was discovered to contain a cross-site scripting (XSS) vulnerability via the component Management...