CVE-2022-36262: Code Injection
First published: Mon Aug 15 2022(Updated: )
An issue was discovered in taocms 3.0.2. in the website settings that allows arbitrary php code to be injected by modifying config.php.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| taogogo taoCMS | =3.0.2 | |
| =3.0.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue in taocms 3.0.2?
The vulnerability ID for this issue in taocms 3.0.2 is CVE-2022-36262.
What is the severity of CVE-2022-36262?
The severity of CVE-2022-36262 is critical with a CVSS score of 9.8.
How can an attacker exploit the vulnerability in taocms 3.0.2?
An attacker can exploit the vulnerability in taocms 3.0.2 by modifying the config.php file to inject arbitrary PHP code.
Is there a fix available for CVE-2022-36262?
Yes, a fix for CVE-2022-36262 is available.
Where can I find more information about taocms 3.0.2 and CVE-2022-36262?
More information about taocms 3.0.2 and CVE-2022-36262 can be found on the taocms website and the GitHub repository.
- collector/nvd-index
- agent/type
- agent/first-publish-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/softwarecombine
- agent/tags
- agent/description
- agent/event
- vendor/taogogo
- canonical/taogogo taocms
- version/taogogo taocms/3.0.2