Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Taocms
(Taogogo)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 24 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-01-30 | CVE-2022-48006 | An arbitrary file upload vulnerability in taocms v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file. This vulnerability is exploited via manipulation of the upext variable at /include/Model/Upload.php. | Taocms | 9.8 | ||
| 2023-04-07 | CVE-2023-1947 | A vulnerability was found in taoCMS 3.0.2. It has been classified as critical. Affected is an unknown function of the file /admin/admin.php. The manipulation leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-225330 is the identifier assigned to this vulnerability. | Taocms | 9.8 | ||
| 2023-07-05 | CVE-2023-34654 | taocms <=3.0.2 is vulnerable to Cross Site Scripting (XSS). | Taocms | 6.1 | ||
| 2019-02-11 | CVE-2019-7720 | taocms through 2014-05-24 allows eval injection by placing PHP code in the install.php db_name parameter and then making a config.php request. | Taocms | 9.8 |