Taocms

taocms

Vendor: Taogogo • 25 CVEs

CVEs (25)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-33350 1Taogogo 1Taocms Apr 16, 2025 Apr 29, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Directory Traversal vulnerability in TaoCMS v.3.0.2 allows a remote attacker to execute arbitrary code and obtain sensitive information via the include/model/file.php component.
CVE-2023-34654 1Taogogo 1Taocms Nov 21, 2024 Jul 5, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 taocms <=3.0.2 is vulnerable to Cross Site Scripting (XSS).
CVE-2020-20725 1Taogogo 1Taocms Dec 11, 2024 Jun 20, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Cross Site Scripting vulnerability in taogogo taoCMS v.2.5 beta5.1 allows remote attacker to execute arbitrary code via the name field in admin.php.
CVE-2023-1947 1Taogogo 1Taocms Nov 21, 2024 Apr 7, 2023 N/A· v4 9.8 CRITICAL· v3 6.5 MEDIUM· v2 A vulnerability was found in taoCMS 3.0.2. It has been classified as critical. Affected is an unknown function of the file /admin/admin.php. The manipulation leads to code injection. It is possible to launch the attack r...Show more A vulnerability was found in taoCMS 3.0.2. It has been classified as critical. Affected is an unknown function of the file /admin/admin.php. The manipulation leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-225330 is the identifier assigned to this vulnerability.Show less
CVE-2021-34167 1Taogogo 1Taocms Mar 12, 2025 Feb 24, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross Site Request Forgery (CSRF) vulnerability in taoCMS 3.0.2 allows remote attackers to gain escalated privileges via taocms/admin/admin.php.
CVE-2022-48006 1Taogogo 1Taocms Mar 28, 2025 Jan 30, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An arbitrary file upload vulnerability in taocms v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file. This vulnerability is exploited via manipulation of the upext variable at /include/Model/Upload.p...Show more An arbitrary file upload vulnerability in taocms v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file. This vulnerability is exploited via manipulation of the upext variable at /include/Model/Upload.php.Show less
CVE-2022-46998 1Taogogo 1Taocms Apr 1, 2025 Jan 26, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue in the website background of taocms v3.0.2 allows attackers to execute a Server-Side Request Forgery (SSRF).
CVE-2022-36261 1Taogogo 1Taocms Nov 21, 2024 Aug 23, 2022 N/A· v4 9.1 CRITICAL· v3 N/A· v2 An arbitrary file deletion vulnerability was discovered in taocms 3.0.2, that allows attacker to delete file in server when request url admin.php?action=file&ctrl=del&path=/../../../test.txt
CVE-2022-36262 1Taogogo 1Taocms Nov 21, 2024 Aug 15, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue was discovered in taocms 3.0.2. in the website settings that allows arbitrary php code to be injected by modifying config.php.
CVE-2021-44915 1Taogogo 1Taocms Nov 21, 2024 Jul 5, 2022 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 Taocms 3.0.2 was discovered to contain a blind SQL injection vulnerability via the function Edit category.
CVE-2022-23880 1Taogogo 1Taocms Nov 21, 2024 Mar 23, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An arbitrary file upload vulnerability in the File Management function module of taoCMS v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2022-25505 1Taogogo 1Taocms Nov 21, 2024 Mar 21, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Taocms v3.0.2 was discovered to contain a SQL injection vulnerability via the id parameter in \include\Model\Category.php.
CVE-2022-25578 1Taogogo 1Taocms Nov 21, 2024 Mar 18, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 taocms v3.0.2 allows attackers to execute code injection via arbitrarily editing the .htaccess file.
CVE-2022-23380 1Taogogo 1Taocms Nov 21, 2024 Mar 1, 2022 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 There is a SQL injection vulnerability in the background of taocms 3.0.2 in parameter id:action=admin&id=2&ctrl=edit.
CVE-2021-44969 1Taogogo 1Taocms Nov 21, 2024 Feb 10, 2022 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 Taocms v3.0.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Management Column component.
CVE-2021-44983 1Taogogo 1Taocms Nov 21, 2024 Feb 4, 2022 N/A· v4 4.9 MEDIUM· v3 4.0 MEDIUM· v2 In taocms 3.0.1 after logging in to the background, there is an Arbitrary file download vulnerability at the File Management column.
CVE-2022-23316 1Taogogo 1Taocms Nov 21, 2024 Feb 4, 2022 N/A· v4 4.9 MEDIUM· v3 4.0 MEDIUM· v2 An issue was discovered in taoCMS v3.0.2. There is an arbitrary file read vulnerability that can read any files via admin.php?action=file&ctrl=download&path=../../1.txt.
CVE-2021-46204 1Taogogo 1Taocms Nov 21, 2024 Jan 19, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Taocms v3.0.2 was discovered to contain an arbitrary file read vulnerability via the path parameter. SQL injection vulnerability via taocms\include\Model\Article.php.
CVE-2021-46203 1Taogogo 1Taocms Nov 21, 2024 Jan 19, 2022 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 Taocms v3.0.2 was discovered to contain an arbitrary file read vulnerability via the path parameter.
CVE-2021-45015 1Taogogo 1Taocms Nov 21, 2024 Dec 14, 2021 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 taocms 3.0.2 is vulnerable to arbitrary file deletion via taocms\include\Model\file.php from line 60 to line 72.

12 Next