CVE-2022-23380

There is a SQL injection vulnerability in the background of taocms 3.0.2 in parameter id:action=admin&id=2&ctrl=edit.

CVE-2021-44969

Taocms v3.0.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Management Column component.

CVE-2022-25505

Taocms v3.0.2 was discovered to contain a SQL injection vulnerability via the id parameter in \include\Model\Category.php.

CVE-2022-23880

An arbitrary file upload vulnerability in the File Management function module of taoCMS v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file.

CVE-2022-23316

An issue was discovered in taoCMS v3.0.2. There is an arbitrary file read vulnerability that can read any files via admin.php?action=file&ctrl=download&path=../../1.txt.

CVE-2022-25578

taocms v3.0.2 allows attackers to execute code injection via arbitrarily editing the .htaccess file.

CVE-2021-44983

In taocms 3.0.1 after logging in to the background, there is an Arbitrary file download vulnerability at the File Management column.

CVE-2022-36262

An issue was discovered in taocms 3.0.2. in the website settings that allows arbitrary php code to be injected by modifying config.php.

CVE-2022-36261

An arbitrary file deletion vulnerability was discovered in taocms 3.0.2, that allows attacker to delete file in server when request url admin.php?action=file&ctrl=del&path=/../../../test.txt

CVE-2021-44915

Taocms 3.0.2 was discovered to contain a blind SQL injection vulnerability via the function Edit category.

CVE-2021-46204

Taocms v3.0.2 was discovered to contain an arbitrary file read vulnerability via the path parameter. SQL injection vulnerability via taocms\include\Model\Article.php.

CVE-2021-46203

Taocms v3.0.2 was discovered to contain an arbitrary file read vulnerability via the path parameter.