CVE-2022-36261: Path Traversal
First published: Tue Aug 23 2022(Updated: )
An arbitrary file deletion vulnerability was discovered in taocms 3.0.2, that allows attacker to delete file in server when request url admin.php?action=file&ctrl=del&path=/../../../test.txt
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| taogogo taoCMS | =3.0.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-36261?
CVE-2022-36261 is an arbitrary file deletion vulnerability in taocms 3.0.2.
How severe is CVE-2022-36261?
CVE-2022-36261 has a severity rating of 9.1, which is considered critical.
How does CVE-2022-36261 allow an attacker to delete files?
CVE-2022-36261 allows an attacker to delete files by exploiting a vulnerability in the 'admin.php' file.
What software version is affected by CVE-2022-36261?
CVE-2022-36261 affects taocms 3.0.2.
Is there a fix for CVE-2022-36261?
There is currently no known fix for CVE-2022-36261. It is recommended to update to a patched version when available.
- collector/nvd-index
- vendor/taogogo
- canonical/taogogo taocms
- version/taogogo taocms/3.0.2