Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
taocms taocms 3.0.2 vulnerabilities and exploits
(subscribe to this query)
6.4
CVSSv2
CVE-2021-45015
taocms 3.0.2 is vulnerable to arbitrary file deletion via taocms\include\Model\file.php from line 60 to line 72.
Taogogo Taocms 3.0.2
4
CVSSv2
CVE-2022-23316
An issue exists in taoCMS v3.0.2. There is an arbitrary file read vulnerability that can read any files via admin.php?action=file&ctrl=download&path=../../1.txt.
Taogogo Taocms 3.0.2
6.5
CVSSv2
CVE-2022-23380
There is a SQL injection vulnerability in the background of taocms 3.0.2 in parameter id:action=admin&id=2&ctrl=edit.
Taogogo Taocms 3.0.2
NA
CVE-2022-36262
An issue exists in taocms 3.0.2. in the website settings that allows arbitrary php code to be injected by modifying config.php.
Taogogo Taocms 3.0.2
7.5
CVSSv2
CVE-2021-46204
Taocms v3.0.2 exists to contain an arbitrary file read vulnerability via the path parameter. SQL injection vulnerability via taocms\include\Model\Article.php.
Taogogo Taocms 3.0.2
NA
CVE-2022-48006
An arbitrary file upload vulnerability in taocms v3.0.2 allows malicious users to execute arbitrary code via a crafted PHP file. This vulnerability is exploited via manipulation of the upext variable at /include/Model/Upload.php.
Taogogo Taocms 3.0.2
NA
CVE-2022-36261
An arbitrary file deletion vulnerability exists in taocms 3.0.2, that allows malicious user to delete file in server when request url admin.php?action=file&ctrl=del&path=/../../../test.txt
Taogogo Taocms 3.0.2
7.5
CVSSv2
CVE-2022-23880
An arbitrary file upload vulnerability in the File Management function module of taoCMS v3.0.2 allows malicious users to execute arbitrary code via a crafted PHP file.
Taogogo Taocms 3.0.2
NA
CVE-2023-34654
taocms <=3.0.2 is vulnerable to Cross Site Scripting (XSS).
Taogogo Taocms
NA
CVE-2024-33350
Directory Traversal vulnerability in TaoCMS v.3.0.2 allows a remote malicious user to execute arbitrary code and obtain sensitive information via the include/model/file.php component.
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
bypass
open redirect
CVE-2024-4358
CVE-2024-24199
CVE-2024-5550
CVE-2024-5305
CVE-2024-30373
CVE-2024-1800
deserialization
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2