CVE-2022-23316
taoCMS v3.0.2 contains an arbitrary file read vulnerability in the admin download path. The issue can be exploited via admin.php?action=file&ctrl=download&path=../../1.txt to read arbitrary files, indicating a path-traversal flaw in the file download handler. Impact centers on confidentiality (re...