Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
taogogo taocms vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2023-34654
taocms <=3.0.2 is vulnerable to Cross Site Scripting (XSS).
Taogogo Taocms
9.8
CVSSv3
CVE-2019-7720
taocms through 2014-05-24 allows eval injection by placing PHP code in the install.php db_name parameter and then making a config.php request.
Taogogo Taocms
8.8
CVSSv3
CVE-2022-23380
There is a SQL injection vulnerability in the background of taocms 3.0.2 in parameter id:action=admin&id=2&ctrl=edit.
Taogogo Taocms 3.0.2
9.1
CVSSv3
CVE-2022-36261
An arbitrary file deletion vulnerability exists in taocms 3.0.2, that allows malicious user to delete file in server when request url admin.php?action=file&ctrl=del&path=/../../../test.txt
Taogogo Taocms 3.0.2
9.8
CVSSv3
CVE-2022-23880
An arbitrary file upload vulnerability in the File Management function module of taoCMS v3.0.2 allows malicious users to execute arbitrary code via a crafted PHP file.
Taogogo Taocms 3.0.2
4.9
CVSSv3
CVE-2022-23316
An issue exists in taoCMS v3.0.2. There is an arbitrary file read vulnerability that can read any files via admin.php?action=file&ctrl=download&path=../../1.txt.
Taogogo Taocms 3.0.2
6.1
CVSSv3
CVE-2020-20725
Cross Site Scripting vulnerability in taogogo taoCMS v.2.5 beta5.1 allows remote malicious user to execute arbitrary code via the name field in admin.php.
Taogogo Taocms 2.5
7.2
CVSSv3
CVE-2021-44915
Taocms 3.0.2 exists to contain a blind SQL injection vulnerability via the function Edit category.
Taogogo Taocms 3.0.2
7.2
CVSSv3
CVE-2021-25783
Taocms v2.5Beta5 exists to contain a blind SQL injection vulnerability via the function Article Search.
Taogogo Taocms 2.5
7.2
CVSSv3
CVE-2021-25784
Taocms v2.5Beta5 exists to contain a blind SQL injection vulnerability via the function Edit Article.
Taogogo Taocms 2.5
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
privilege escalation
CVE-2024-20696
CVE-2024-29829
CVE-2024-33999
CVE-2024-35646
physical
CVE-2024-24919
CVE-2024-31030
local users
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »