Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
taocms vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2022-23387
An issue exists in taocms 3.0.2. This is a SQL blind injection that can obtain database data through the Comment Update field.
Taocms Taocms 3.0.2
6.1
CVSSv3
CVE-2023-34654
taocms <=3.0.2 is vulnerable to Cross Site Scripting (XSS).
Taogogo Taocms
9.8
CVSSv3
CVE-2019-7720
taocms through 2014-05-24 allows eval injection by placing PHP code in the install.php db_name parameter and then making a config.php request.
Taogogo Taocms
9.8
CVSSv3
CVE-2022-46998
An issue in the website background of taocms v3.0.2 allows malicious users to execute a Server-Side Request Forgery (SSRF).
Taogogo Taocms 3.0.2
9.8
CVSSv3
CVE-2022-25505
Taocms v3.0.2 exists to contain a SQL injection vulnerability via the id parameter in \include\Model\Category.php.
Taogogo Taocms 3.0.2
9.8
CVSSv3
CVE-2022-25578
taocms v3.0.2 allows malicious users to execute code injection via arbitrarily editing the .htaccess file.
Taogogo Taocms 3.0.2
8.8
CVSSv3
CVE-2021-34167
Cross Site Request Forgery (CSRF) vulnerability in taoCMS 3.0.2 allows remote malicious users to gain escalated privileges via taocms/admin/admin.php.
Taogogo Taocms 3.0.2
6.5
CVSSv3
CVE-2021-46203
Taocms v3.0.2 exists to contain an arbitrary file read vulnerability via the path parameter.
Taogogo Taocms 3.0.2
9.8
CVSSv3
CVE-2022-23880
An arbitrary file upload vulnerability in the File Management function module of taoCMS v3.0.2 allows malicious users to execute arbitrary code via a crafted PHP file.
Taogogo Taocms 3.0.2
9.8
CVSSv3
CVE-2022-48006
An arbitrary file upload vulnerability in taocms v3.0.2 allows malicious users to execute arbitrary code via a crafted PHP file. This vulnerability is exploited via manipulation of the upext variable at /include/Model/Upload.php.
Taogogo Taocms 3.0.2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48654
CVE-2024-2757
authentication bypass
CVE-2024-3194
CVE-2024-33640
CVE-2024-21111
dos
insecure direct object reference
CVE-2024-21345
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »