Latest taogogo taocms Vulnerabilities

taogogo taoCMS<=3.0.2
Cross Site Scripting vulnerability in taogogo taoCMS v.2.5 beta5.1 allows a remote attacker to execute arbitrary code via the name field in admin.php.
taogogo taoCMS=2.5-beta1
taoCMS admin.php code injection
taogogo taoCMS=3.0.2
Cross Site Request Forgery (CSRF) vulnerability in taoCMS 3.0.2 allows remote attackers to gain escalated privileges via taocms/admin/admin.php.
taogogo taoCMS=3.0.2
An arbitrary file upload vulnerability in taocms v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file. This vulnerability is exploited via manipulation of the upext variable at /in...
taogogo taoCMS=3.0.2
An issue in the website background of taocms v3.0.2 allows attackers to execute a Server-Side Request Forgery (SSRF).
taogogo taoCMS=3.0.2
An arbitrary file deletion vulnerability was discovered in taocms 3.0.2 that allows an attacker to delete a file on the server by requesting the URL admin.php?action=file&ctrl=del&path=/../../../test.txt
taogogo taoCMS=3.0.2
An issue was discovered in the website settings of taocms 3.0.2 that allows arbitrary PHP code to be injected by modifying config.php.
taogogo taoCMS=3.0.2
Taocms 3.0.2 was discovered to contain a blind SQL injection vulnerability via the function Edit category.
taogogo taoCMS=3.0.2
An arbitrary file upload vulnerability in the File Management function module of taoCMS v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file.
taogogo taoCMS=3.0.2
taocms v3.0.2 allows attackers to execute code injection via arbitrarily editing the .htaccess file.
taogogo taoCMS=3.0.2
Taocms v3.0.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Management Column component.
taogogo taoCMS=3.0.2
In taocms 3.0.1, after logging in to the background, there is an arbitrary file download vulnerability at the File Management column.
taogogo taoCMS=3.0.1
An issue was discovered in taoCMS v3.0.2. There is an arbitrary file read vulnerability that can read any files via admin.php?action=file&ctrl=download&path=../../1.txt.
taogogo taoCMS=3.0.2
Taocms v3.0.2 was discovered to contain an arbitrary file read vulnerability via the path parameter. SQL injection vulnerability via taocms\include\Model\Article.php.
taogogo taoCMS=3.0.2
Taocms v3.0.2 was discovered to contain an arbitrary file read vulnerability via the path parameter.
taogogo taoCMS=3.0.2
taocms 3.0.2 is vulnerable to arbitrary file deletion via taocms\include\Model\file.php from line 60 to line 72.
taogogo taoCMS=3.0.2
There is an upload SQL injection vulnerability in the background of taocms 3.0.2 in parameter id: action=cms&ctrl=update&id=26
taogogo taoCMS=3.0.2
Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulnerability via the function Article Search.
taogogo taoCMS=2.5-beta5
Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulnerability via the function Edit Article.
taogogo taoCMS=2.5-beta5
Taocms v2.5Beta5 was discovered to contain a cross-site scripting (XSS) vulnerability via the component Management column.
taogogo taoCMS=2.5-beta5
taocms through 2014-05-24 allows eval injection by placing PHP code in the install.php db_name parameter and then making a config.php request.
taogogo taoCMS<=2014-05-24
