CVE-2022-48006: Malicious File Upload
First published: Mon Jan 30 2023(Updated: )
An arbitrary file upload vulnerability in taocms v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file. This vulnerability is exploited via manipulation of the upext variable at /include/Model/Upload.php.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| taogogo taoCMS | =3.0.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this arbitrary file upload vulnerability in taocms v3.0.2?
The vulnerability ID is CVE-2022-48006.
What is the severity of CVE-2022-48006?
The severity of CVE-2022-48006 is critical, with a severity value of 9.8.
How does this arbitrary file upload vulnerability in taocms v3.0.2 allow attackers to execute arbitrary code?
Attackers can execute arbitrary code by manipulating the upext variable at /include/Model/Upload.php.
Which software version is affected by this vulnerability?
This vulnerability affects taocms v3.0.2.
Is there a fix for CVE-2022-48006?
At the moment, there is no known fix for CVE-2022-48006. It is recommended to implement security measures, such as restricting file upload capabilities and monitoring for any suspicious activity.
- collector/nvd-index
- vendor/taogogo
- canonical/taogogo taocms
- version/taogogo taocms/3.0.2