taocms through 2014-05-24 allows eval injection by placing PHP code in the install.php db_name parameter and then making a config.php request.
CVSS 9.8 | AI Score 9.6 | EPSS 0.008
Cross Site Scripting vulnerability in taogogo taoCMS v.2.5 beta5.1 allows a remote attacker to execute arbitrary code via the name field in admin.php.
CVSS 6.1 | AI Score 6.5 | EPSS 0.001
Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulnerability via the function Article Search.
CVSS 7.2 | AI Score 7.2 | EPSS 0.001
Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulnerability via the function Edit Article.
CVSS 7.2 | AI Score 7.2 | EPSS 0.001
Taocms v2.5Beta5 was discovered to contain a cross-site scripting (XSS) vulnerability via the component Management column.
CVSS 4.8 | AI Score 4.9 | EPSS 0.001
Cross Site Request Forgery (CSRF) vulnerability in taoCMS 3.0.2 allows remote attackers to gain escalated privileges via taocms/admin/admin.php.
CVSS 8.8 | AI Score 8.9 | EPSS 0.002
Taocms 3.0.2 was discovered to contain a blind SQL injection vulnerability via the function Edit category.
CVSS 7.2 | AI Score 7.2 | EPSS 0.001
Taocms v3.0.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Management Column component.
CVSS 4.8 | AI Score 5 | EPSS 0.001
In taocms 3.0.1, after logging in to the background, there is an arbitrary file download vulnerability in the File Management column.
CVSS 4.9 | AI Score 5.1 | EPSS 0.001
There is an upload SQL injection vulnerability in the background of taocms 3.0.2 in the parameter id: action=cms&ctrl=update&id=26
CVSS 9.8 | AI Score 9.6 | EPSS 0.002
taocms 3.0.2 is vulnerable to arbitrary file deletion via taocms\include\Model\file.php from line 60 to line 72.
CVSS 9.1 | AI Score 9.2 | EPSS 0.001
Taocms v3.0.2 was discovered to contain an arbitrary file read vulnerability via the path parameter.
CVSS 6.5 | AI Score 6.5 | EPSS 0.001
Taocms v3.0.2 was discovered to contain an arbitrary file read vulnerability via the path parameter. SQL injection vulnerability via taocms\include\Model\Article.php.
CVSS 9.8 | AI Score 9.8 | EPSS 0.002
An issue was discovered in taoCMS v3.0.2. There is an arbitrary file read vulnerability that allows reading any file via admin.php?action=file&ctrl=download&path=../../1.txt.
CVSS 4.9 | AI Score 5.2 | EPSS 0.001
There is a SQL injection vulnerability in the background of taocms 3.0.2 in the parameter id: action=admin&id=2&ctrl=edit.
CVSS 8.8 | AI Score 8.9 | EPSS 0.001
An arbitrary file upload vulnerability in the File Management function module of taoCMS v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file.
CVSS 9.8 | AI Score 9.6 | EPSS 0.003
Taocms v3.0.2 was discovered to contain a SQL injection vulnerability via the id parameter in \include\Model\Category.php.
CVSS 9.8 | AI Score 9.8 | EPSS 0.002
taocms v3.0.2 allows attackers to execute code injection via arbitrarily editing the .htaccess file.
CVSS 9.8 | AI Score 9.7 | EPSS 0.001
An arbitrary file deletion vulnerability was discovered in taocms 3.0.2 that allows an attacker to delete files on the server by requesting the URL admin.php?action=file&ctrl=del&path=/../../../test.txt
CVSS 9.1 | AI Score 9 | EPSS 0.001
An issue was discovered in the website settings of taocms 3.0.2 that allows arbitrary PHP code to be injected by modifying config.php.
CVSS 9.8 | AI Score 9.3 | EPSS 0.005
An issue in the website background of taocms v3.0.2 allows attackers to execute a Server-Side Request Forgery (SSRF).
CVSS 9.8 | AI Score 9.4 | EPSS 0.003
An arbitrary file upload vulnerability in taocms v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file. This vulnerability is exploited via manipulation of the upext variable at /include/Model/Upload.php.
CVSS 9.8 | AI Score 9.5 | EPSS 0.003
A vulnerability was found in taoCMS 3.0.2. It has been classified as critical. Affected is an unknown function of the file /admin/admin.php. The manipulation leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-2253...
CVSS 9.8 | AI Score 9.7 | EPSS 0.003
CVSS 6.1 | AI Score 6 | EPSS 0.001