An issue exists in taocms 3.0.2. This is a SQL blind injection that can obtain database data through the Comment Update field.
taocms taocms 3.0.2