Taocms v3.0.2 was discovered to contain a SQL injection vulnerability via the id parameter in \include\Model\Category.php.
CVSS Score
9.8
EPSS Score
0.002
Published
2022-03-21
taocms v3.0.2 allows attackers to execute code injection via arbitrarily editing the .htaccess file.
CVSS Score
9.8
EPSS Score
0.01
Published
2022-03-18
There is a SQL injection vulnerability in the background of taocms 3.0.2 in parameter id:action=admin&id=2&ctrl=edit.
CVSS Score
8.8
EPSS Score
0.002
Published
2022-03-01
Taocms v3.0.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Management Column component.
CVSS Score
4.8
EPSS Score
0.002
Published
2022-02-10
An issue was discovered in taoCMS v3.0.2. There is an arbitrary file read vulnerability that can read any files via admin.php?action=file&ctrl=download&path=../../1.txt.
CVSS Score
4.9
EPSS Score
0.003
Published
2022-02-04
Taocms v3.0.2 was discovered to contain an arbitrary file read vulnerability via the path parameter. SQL injection vulnerability via taocms\include\Model\Article.php.
CVSS Score
9.8
EPSS Score
0.002
Published
2022-01-19
Taocms v3.0.2 was discovered to contain an arbitrary file read vulnerability via the path parameter.
CVSS Score
6.5
EPSS Score
0.003
Published
2022-01-19
There is an upload sql injection vulnerability in the background of taocms 3.0.2 in parameter id:action=cms&ctrl=update&id=26
CVSS Score
9.8
EPSS Score
0.002
Published
2021-12-14
taocms 3.0.2 is vulnerable to arbitrary file deletion via taocms\include\Model\file.php from line 60 to line 72.
CVSS Score
9.1
EPSS Score
0.007
Published
2021-12-14
taocms through 2014-05-24 allows eval injection by placing PHP code in the install.php db_name parameter and then making a config.php request.
CVSS Score
9.8
EPSS Score
0.005
Published
2019-02-11