First published: Mon Feb 11 2019(Updated: )
taocms through 2014-05-24 allows eval injection by placing PHP code in the install.php db_name parameter and then making a config.php request.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
taogogo taoCMS | <=2014-05-24 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-7720 is a vulnerability in taocms through 2014-05-24 that allows eval injection by placing PHP code in the install.php db_name parameter and then making a config.php request.
CVE-2019-7720 has a severity rating of critical with a score of 9.8.
taocms through 2014-05-24 is affected by CVE-2019-7720.
To fix CVE-2019-7720, update taocms to a version that is later than 2014-05-24 and apply any available patches.
You can find more information about CVE-2019-7720 at https://github.com/taogogo/taocms/issues/1.