Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Taocms
(Taogogo)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 24 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-04-07 | CVE-2023-1947 | A vulnerability was found in taoCMS 3.0.2. It has been classified as critical. Affected is an unknown function of the file /admin/admin.php. The manipulation leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-225330 is the identifier assigned to this vulnerability. | Taocms | 9.8 | ||
| 2022-03-18 | CVE-2022-25578 | taocms v3.0.2 allows attackers to execute code injection via arbitrarily editing the .htaccess file. | Taocms | 9.8 | ||
| 2022-08-15 | CVE-2022-36262 | An issue was discovered in taocms 3.0.2. in the website settings that allows arbitrary php code to be injected by modifying config.php. | Taocms | 9.8 | ||
| 2022-08-23 | CVE-2022-36261 | An arbitrary file deletion vulnerability was discovered in taocms 3.0.2, that allows attacker to delete file in server when request url admin.php?action=file&ctrl=del&path=/../../../test.txt | Taocms | 9.1 | ||
| 2023-07-05 | CVE-2023-34654 | taocms <=3.0.2 is vulnerable to Cross Site Scripting (XSS). | Taocms | 6.1 | ||
| 2023-06-20 | CVE-2020-20725 | Cross Site Scripting vulnerability in taogogo taoCMS v.2.5 beta5.1 allows remote attacker to execute arbitrary code via the name field in admin.php. | Taocms | 6.1 | ||
| 2023-02-24 | CVE-2021-34167 | Cross Site Request Forgery (CSRF) vulnerability in taoCMS 3.0.2 allows remote attackers to gain escalated privileges via taocms/admin/admin.php. | Taocms | 8.8 | ||
| 2023-01-30 | CVE-2022-48006 | An arbitrary file upload vulnerability in taocms v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file. This vulnerability is exploited via manipulation of the upext variable at /include/Model/Upload.php. | Taocms | 9.8 | ||
| 2023-01-26 | CVE-2022-46998 | An issue in the website background of taocms v3.0.2 allows attackers to execute a Server-Side Request Forgery (SSRF). | Taocms | 9.8 | ||
| 2021-12-14 | CVE-2021-45015 | taocms 3.0.2 is vulnerable to arbitrary file deletion via taocms\include\Model\file.php from line 60 to line 72. | Taocms | 9.1 |