Taocms - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Taocms
(Taogogo)

Repositories	Unknown: This might be proprietary software.
#Vulnerabilities	24

Date	Id	Summary	Products	Score	Patch	Annotated
2022-07-05	CVE-2021-44915	Taocms 3.0.2 was discovered to contain a blind SQL injection vulnerability via the function Edit category.	Taocms	7.2
2022-03-21	CVE-2022-25505	Taocms v3.0.2 was discovered to contain a SQL injection vulnerability via the id parameter in \include\Model\Category.php.	Taocms	9.8
2022-03-23	CVE-2022-23880	An arbitrary file upload vulnerability in the File Management function module of taoCMS v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file.	Taocms	9.8
2022-03-01	CVE-2022-23380	There is a SQL injection vulnerability in the background of taocms 3.0.2 in parameter id:action=admin&id=2&ctrl=edit.	Taocms	8.8
2022-02-10	CVE-2021-44969	Taocms v3.0.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Management Column component.	Taocms	4.8
2022-02-04	CVE-2022-23316	An issue was discovered in taoCMS v3.0.2. There is an arbitrary file read vulnerability that can read any files via admin.php?action=file&ctrl=download&path=../../1.txt.	Taocms	4.9
2022-02-04	CVE-2021-44983	In taocms 3.0.1 after logging in to the background, there is an Arbitrary file download vulnerability at the File Management column.	Taocms	4.9
2022-01-19	CVE-2021-46203	Taocms v3.0.2 was discovered to contain an arbitrary file read vulnerability via the path parameter.	Taocms	6.5
2022-01-19	CVE-2021-46204	Taocms v3.0.2 was discovered to contain an arbitrary file read vulnerability via the path parameter. SQL injection vulnerability via taocms\include\Model\Article.php.	Taocms	9.8
2021-12-14	CVE-2021-45014	There is an upload sql injection vulnerability in the background of taocms 3.0.2 in parameter id:action=cms&ctrl=update&id=26	Taocms	9.8