Product:

Taocms

(Taogogo)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 24
Date Id Summary Products Score Patch Annotated
2022-02-04 CVE-2021-44983 In taocms 3.0.1 after logging in to the background, there is an Arbitrary file download vulnerability at the File Management column. Taocms 4.9
2022-02-10 CVE-2021-44969 Taocms v3.0.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Management Column component. Taocms 4.8
2022-03-01 CVE-2022-23380 There is a SQL injection vulnerability in the background of taocms 3.0.2 in parameter id:action=admin&id=2&ctrl=edit. Taocms 8.8
2022-03-18 CVE-2022-25578 taocms v3.0.2 allows attackers to execute code injection via arbitrarily editing the .htaccess file. Taocms 9.8
2022-03-21 CVE-2022-25505 Taocms v3.0.2 was discovered to contain a SQL injection vulnerability via the id parameter in \include\Model\Category.php. Taocms 9.8
2022-03-23 CVE-2022-23880 An arbitrary file upload vulnerability in the File Management function module of taoCMS v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file. Taocms 9.8
2022-07-05 CVE-2021-44915 Taocms 3.0.2 was discovered to contain a blind SQL injection vulnerability via the function Edit category. Taocms 7.2
2022-08-15 CVE-2022-36262 An issue was discovered in taocms 3.0.2. in the website settings that allows arbitrary php code to be injected by modifying config.php. Taocms 9.8
2022-08-23 CVE-2022-36261 An arbitrary file deletion vulnerability was discovered in taocms 3.0.2, that allows attacker to delete file in server when request url admin.php?action=file&ctrl=del&path=/../../../test.txt Taocms 9.1
2023-01-26 CVE-2022-46998 An issue in the website background of taocms v3.0.2 allows attackers to execute a Server-Side Request Forgery (SSRF). Taocms 9.8