Vulnerabilities (CVE)

Filtered by vendor Taogogo
Total 21 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-34167 1 Taogogo 1 Taocms 2023-03-03 N/A 8.8 HIGH
Cross Site Request Forgery (CSRF) vulnerability in taoCMS 3.0.2 allows remote attackers to gain escalated privileges via taocms/admin/admin.php.
CVE-2022-48006 1 Taogogo 1 Taocms 2023-02-06 N/A 9.8 CRITICAL
An arbitrary file upload vulnerability in taocms v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file. This vulnerability is exploited via manipulation of the upext variable at /include/Model/Upload.php.
CVE-2022-46998 1 Taogogo 1 Taocms 2023-02-01 N/A 9.8 CRITICAL
An issue in the website background of taocms v3.0.2 allows attackers to execute a Server-Side Request Forgery (SSRF).
CVE-2022-36261 1 Taogogo 1 Taocms 2022-08-24 N/A 9.1 CRITICAL
An arbitrary file deletion vulnerability was discovered in taocms 3.0.2 that allows an attacker to delete files on the server via a request to the URL admin.php?action=file&ctrl=del&path=/../../../test.txt.
CVE-2022-36262 1 Taogogo 1 Taocms 2022-08-16 N/A 9.8 CRITICAL
An issue was discovered in the website settings of taocms 3.0.2 that allows arbitrary PHP code to be injected by modifying config.php.
CVE-2021-44915 1 Taogogo 1 Taocms 2022-07-12 6.5 MEDIUM 7.2 HIGH
Taocms 3.0.2 was discovered to contain a blind SQL injection vulnerability via the function Edit category.
CVE-2021-45015 1 Taogogo 1 Taocms 2022-07-12 6.4 MEDIUM 9.1 CRITICAL
taocms 3.0.2 is vulnerable to arbitrary file deletion via taocms\include\Model\file.php from line 60 to line 72.
CVE-2022-25505 1 Taogogo 1 Taocms 2022-03-28 7.5 HIGH 9.8 CRITICAL
Taocms v3.0.2 was discovered to contain a SQL injection vulnerability via the id parameter in \include\Model\Category.php.
CVE-2022-23880 1 Taogogo 1 Taocms 2022-03-28 7.5 HIGH 9.8 CRITICAL
An arbitrary file upload vulnerability in the File Management function module of taoCMS v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2022-25578 1 Taogogo 1 Taocms 2022-03-28 7.5 HIGH 9.8 CRITICAL
taocms v3.0.2 allows attackers to execute code injection via arbitrarily editing the .htaccess file.
CVE-2022-23380 1 Taogogo 1 Taocms 2022-03-08 6.5 MEDIUM 8.8 HIGH
There is a SQL injection vulnerability in the background of taocms 3.0.2 in the parameter id: action=admin&id=2&ctrl=edit.
CVE-2021-44969 1 Taogogo 1 Taocms 2022-02-16 3.5 LOW 4.8 MEDIUM
Taocms v3.0.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Management Column component.
CVE-2021-44983 1 Taogogo 1 Taocms 2022-02-08 4.0 MEDIUM 4.9 MEDIUM
In taocms 3.0.1, after logging in to the background, there is an arbitrary file download vulnerability in the File Management column.
CVE-2022-23316 1 Taogogo 1 Taocms 2022-02-08 4.0 MEDIUM 4.9 MEDIUM
An issue was discovered in taoCMS v3.0.2. There is an arbitrary file read vulnerability that can read any files via admin.php?action=file&ctrl=download&path=../../1.txt.
CVE-2021-46204 1 Taogogo 1 Taocms 2022-01-25 7.5 HIGH 9.8 CRITICAL
Taocms v3.0.2 was discovered to contain an arbitrary file read vulnerability via the path parameter. SQL injection vulnerability via taocms\include\Model\Article.php.
CVE-2021-46203 1 Taogogo 1 Taocms 2022-01-25 4.0 MEDIUM 6.5 MEDIUM
Taocms v3.0.2 was discovered to contain an arbitrary file read vulnerability via the path parameter.
CVE-2021-45014 1 Taogogo 1 Taocms 2021-12-15 7.5 HIGH 9.8 CRITICAL
There is an upload SQL injection vulnerability in the background of taocms 3.0.2 in the parameter id: action=cms&ctrl=update&id=26.
CVE-2021-25784 1 Taogogo 1 Taocms 2021-12-03 6.5 MEDIUM 7.2 HIGH
Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulnerability via the function Edit Article.
CVE-2021-25783 1 Taogogo 1 Taocms 2021-12-03 6.5 MEDIUM 7.2 HIGH
Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulnerability via the function Article Search.
CVE-2021-25785 1 Taogogo 1 Taocms 2021-12-03 3.5 LOW 4.8 MEDIUM
Taocms v2.5Beta5 was discovered to contain a cross-site scripting (XSS) vulnerability via the component Management column.