Product:

Taocms

(Taogogo)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 24
Date Id Summary Products Score Patch Annotated
2023-02-24 CVE-2021-34167 Cross Site Request Forgery (CSRF) vulnerability in taoCMS 3.0.2 allows remote attackers to gain escalated privileges via taocms/admin/admin.php. Taocms 8.8
2023-06-20 CVE-2020-20725 Cross Site Scripting vulnerability in taogogo taoCMS v.2.5 beta5.1 allows remote attacker to execute arbitrary code via the name field in admin.php. Taocms 6.1
2021-12-02 CVE-2021-25783 Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulnerability via the function Article Search. Taocms 7.2
2021-12-02 CVE-2021-25784 Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulnerability via the function Edit Article. Taocms 7.2
2021-12-02 CVE-2021-25785 Taocms v2.5Beta5 was discovered to contain a cross-site scripting (XSS) vulnerability via the component Management column. Taocms 4.8
2021-12-14 CVE-2021-45015 taocms 3.0.2 is vulnerable to arbitrary file deletion via taocms\include\Model\file.php from line 60 to line 72. Taocms 9.1
2021-12-14 CVE-2021-45014 There is an upload sql injection vulnerability in the background of taocms 3.0.2 in parameter id:action=cms&ctrl=update&id=26 Taocms 9.8
2022-01-19 CVE-2021-46203 Taocms v3.0.2 was discovered to contain an arbitrary file read vulnerability via the path parameter. Taocms 6.5
2022-01-19 CVE-2021-46204 Taocms v3.0.2 was discovered to contain an arbitrary file read vulnerability via the path parameter. SQL injection vulnerability via taocms\include\Model\Article.php. Taocms 9.8
2022-02-04 CVE-2022-23316 An issue was discovered in taoCMS v3.0.2. There is an arbitrary file read vulnerability that can read any files via admin.php?action=file&ctrl=download&path=../../1.txt. Taocms 4.9