Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Taocms
(Taogogo)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 24 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-03-21 | CVE-2022-25505 | Taocms v3.0.2 was discovered to contain a SQL injection vulnerability via the id parameter in \include\Model\Category.php. | Taocms | 9.8 | ||
| 2022-03-23 | CVE-2022-23880 | An arbitrary file upload vulnerability in the File Management function module of taoCMS v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file. | Taocms | 9.8 | ||
| 2022-07-05 | CVE-2021-44915 | Taocms 3.0.2 was discovered to contain a blind SQL injection vulnerability via the function Edit category. | Taocms | 7.2 | ||
| 2022-08-15 | CVE-2022-36262 | An issue was discovered in taocms 3.0.2. in the website settings that allows arbitrary php code to be injected by modifying config.php. | Taocms | 9.8 | ||
| 2022-08-23 | CVE-2022-36261 | An arbitrary file deletion vulnerability was discovered in taocms 3.0.2, that allows attacker to delete file in server when request url admin.php?action=file&ctrl=del&path=/../../../test.txt | Taocms | 9.1 | ||
| 2023-01-26 | CVE-2022-46998 | An issue in the website background of taocms v3.0.2 allows attackers to execute a Server-Side Request Forgery (SSRF). | Taocms | 9.8 | ||
| 2023-01-30 | CVE-2022-48006 | An arbitrary file upload vulnerability in taocms v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file. This vulnerability is exploited via manipulation of the upext variable at /include/Model/Upload.php. | Taocms | 9.8 | ||
| 2023-04-07 | CVE-2023-1947 | A vulnerability was found in taoCMS 3.0.2. It has been classified as critical. Affected is an unknown function of the file /admin/admin.php. The manipulation leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-225330 is the identifier assigned to this vulnerability. | Taocms | 9.8 | ||
| 2023-07-05 | CVE-2023-34654 | taocms <=3.0.2 is vulnerable to Cross Site Scripting (XSS). | Taocms | 6.1 | ||
| 2019-02-11 | CVE-2019-7720 | taocms through 2014-05-24 allows eval injection by placing PHP code in the install.php db_name parameter and then making a config.php request. | Taocms | 9.8 |