First published: Mon Aug 15 2022(Updated: )
An issue was discovered in taocms 3.0.2. in the website settings that allows arbitrary php code to be injected by modifying config.php.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
taogogo taoCMS | =3.0.2 | |
=3.0.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this issue in taocms 3.0.2 is CVE-2022-36262.
The severity of CVE-2022-36262 is critical with a CVSS score of 9.8.
An attacker can exploit the vulnerability in taocms 3.0.2 by modifying the config.php file to inject arbitrary PHP code.
Yes, a fix for CVE-2022-36262 is available.
More information about taocms 3.0.2 and CVE-2022-36262 can be found on the taocms website and the GitHub repository.