First published: Mon Jan 30 2023
An arbitrary file upload vulnerability in taocms v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file. This vulnerability is exploited via manipulation of the upext variable at /include/Model/Upload.php.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
taogogo taoCMS | =3.0.2 |
The vulnerability ID is CVE-2022-48006.
The severity of CVE-2022-48006 is critical, with a severity value of 9.8.
Attackers can execute arbitrary code by manipulating the upext variable at /include/Model/Upload.php.
This vulnerability affects taocms v3.0.2.
At the moment, there is no known fix for CVE-2022-48006. It is recommended to implement security measures, such as restricting file upload capabilities and monitoring for any suspicious activity.
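As an added example of the monitoring step recommended above (this is not taoCMS code and not part of the advisory), the following Python audit walks an upload directory and flags stored files whose name or content suggests executable PHP. The allowlist, the extension sets and the sample files are assumptions to adapt to your own site.

```python
import os

# Assumption: extensions this site legitimately accepts; adjust to your policy.
ALLOWED_EXT = {"jpg", "jpeg", "png", "gif", "pdf"}
# Extensions commonly mapped to the PHP interpreter by web servers.
SCRIPT_EXT = {"php", "php3", "php4", "php5", "php7", "phtml", "phar", "pht"}
# Byte markers that open PHP code. A bare "<?" short tag is not matched
# because it would also match XML declarations.
PHP_MARKERS = (b"<?php", b"<?=")

# Constructed sample uploads (name -> content), for demonstration only.
SAMPLES = {
    "photo.JPG": b"\xff\xd8\xff\xe0 constructed image bytes",
    "shell.php.jpg": b"\xff\xd8\xff\xe0 constructed image bytes",
    "avatar.PhP.": b"<?php /* constructed */ ?>",
    "logo.png": b"\x89PNG constructed <?= 1 ?>",
}

def audit_upload(name, data):
    """Return a list of findings for one stored upload (empty list = clean)."""
    findings = []
    # Normalise case and trailing dots/spaces before comparing extensions.
    base = os.path.basename(name).lower().rstrip(". ")
    parts = base.split(".")[1:]  # every extension segment, not only the last
    if not parts or parts[-1] not in ALLOWED_EXT:
        findings.append("extension not in allowlist")
    if any(p in SCRIPT_EXT for p in parts):
        findings.append("script extension present")
    if any(m in data.lower() for m in PHP_MARKERS):
        findings.append("PHP open tag in content")
    return findings

def scan_dir(root):
    """Walk an upload directory; map relative path -> findings for flagged files."""
    flagged = {}
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            full = os.path.join(dirpath, fn)
            with open(full, "rb") as fh:
                result = audit_upload(fn, fh.read())
            if result:
                flagged[os.path.relpath(full, root)] = result
    return flagged

if __name__ == "__main__":
    for n, d in SAMPLES.items():
        print(n, audit_upload(n, d) or "ok")
```

Run `scan_dir` against the site's upload directory on a schedule and alert on any non-empty result; a flagged file is a lead for investigation, not proof of compromise.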