Taocms Security Vulnerabilities and Issues — Taocms CVE List

Lucene search

TaogogoTaocms

13 matches found

CVE•added 2022/03/21 12:15 a.m.•76 views

CVE-2022-25505

Taocms v3.0.2 was discovered to contain a SQL injection vulnerability via the id parameter in \include\Model\Category.php.

9.8CVSS9.8AI score0.00233EPSS

CVE•added 2022/03/23 9:15 p.m.•73 views

CVE-2022-23880

An arbitrary file upload vulnerability in the File Management function module of taoCMS v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file.

9.8CVSS9.6AI score0.0081EPSS

CVE•added 2022/03/18 11:15 p.m.•63 views

CVE-2022-25578

taocms v3.0.2 allows attackers to execute code injection via arbitrarily editing the .htaccess file.

9.8CVSS9.7AI score0.01047EPSS

CVE•added 2023/01/30 10:15 p.m.•50 views

CVE-2022-48006

An arbitrary file upload vulnerability in taocms v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file. This vulnerability is exploited via manipulation of the upext variable at /include/Model/Upload.php.

9.8CVSS9.5AI score0.00107EPSS

CVE•added 2022/08/15 12:15 p.m.•49 views

CVE-2022-36262

An issue was discovered in taocms 3.0.2. in the website settings that allows arbitrary php code to be injected by modifying config.php.

9.8CVSS9.3AI score0.00145EPSS

CVE•added 2022/08/23 1:15 p.m.•47 views

CVE-2022-36261

An arbitrary file deletion vulnerability was discovered in taocms 3.0.2, that allows attacker to delete file in server when request url admin.php?action=file&ctrl=del&path=/../../../test.txt

9.1CVSS9AI score0.00226EPSS

CVE•added 2024/04/29 9:15 p.m.•42 views

CVE-2024-33350

Directory Traversal vulnerability in TaoCMS v.3.0.2 allows a remote attacker to execute arbitrary code and obtain sensitive information via the include/model/file.php component.

9.8CVSS7.5AI score0.06945EPSS

CVE•added 2022/01/19 6:15 p.m.•41 views

CVE-2021-46204

Taocms v3.0.2 was discovered to contain an arbitrary file read vulnerability via the path parameter. SQL injection vulnerability via taocms\include\Model\Article.php.

9.8CVSS9.8AI score0.00261EPSS

CVE•added 2019/02/11 4:29 a.m.•36 views

CVE-2019-7720

taocms through 2014-05-24 allows eval injection by placing PHP code in the install.php db_name parameter and then making a config.php request.

9.8CVSS9.6AI score0.00477EPSS

CVE•added 2021/12/14 2:15 p.m.•36 views

CVE-2021-45015

taocms 3.0.2 is vulnerable to arbitrary file deletion via taocms\include\Model\file.php from line 60 to line 72.

9.1CVSS9.2AI score0.00745EPSS

CVE•added 2023/01/26 9:18 p.m.•34 views

CVE-2022-46998

An issue in the website background of taocms v3.0.2 allows attackers to execute a Server-Side Request Forgery (SSRF).

9.8CVSS9.4AI score0.00322EPSS

CVE•added 2023/04/07 11:15 p.m.•31 views

CVE-2023-1947

A vulnerability was found in taoCMS 3.0.2. It has been classified as critical. Affected is an unknown function of the file /admin/admin.php. The manipulation leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-2253...

9.8CVSS8.4AI score0.00117EPSS

CVE•added 2021/12/14 2:15 p.m.•24 views

CVE-2021-45014

There is an upload sql injection vulnerability in the background of taocms 3.0.2 in parameter id:action=cms&ctrl=update&id=26

9.8CVSS9.6AI score0.00245EPSS