Taogogo: Security Vulnerabilities
taocms 3.0.2 is vulnerable to arbitrary file deletion via taocms\include\Model\file.php from line 60 to line 72.
CVSS Score
9.1
EPSS Score
0.007
Published
2021-12-14
Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulnerability via the function Article Search.
CVSS Score
7.2
EPSS Score
0.003
Published
2021-12-02
Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulnerability via the function Edit Article.
CVSS Score
7.2
EPSS Score
0.003
Published
2021-12-02
Taocms v2.5Beta5 was discovered to contain a cross-site scripting (XSS) vulnerability via the component Management column.
CVSS Score
4.8
EPSS Score
0.002
Published
2021-12-02
taocms through 2014-05-24 allows eval injection by placing PHP code in the install.php db_name parameter and then making a config.php request.
CVSS Score
9.8
EPSS Score
0.005
Published
2019-02-11
Page 3