Directory Traversal vulnerability in TaoCMS v.3.0.2 allows a remote attacker to execute arbitrary code and obtain sensitive information via the include/model/file.php component.
CVSS Score
9.8
EPSS Score
0.011
Published
2024-04-29
taocms <=3.0.2 is vulnerable to Cross Site Scripting (XSS).
CVSS Score
6.1
EPSS Score
0.001
Published
2023-07-05
Cross Site Scripting vulnerability in taogogo taoCMS v.2.5 beta5.1 allows remote attacker to execute arbitrary code via the name field in admin.php.
CVSS Score
6.1
EPSS Score
0.002
Published
2023-06-20
A vulnerability was found in taoCMS 3.0.2. It has been classified as critical. Affected is an unknown function of the file /admin/admin.php. The manipulation leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-225330 is the identifier assigned to this vulnerability.
CVSS Score
6.3
EPSS Score
0.001
Published
2023-04-07
Cross Site Request Forgery (CSRF) vulnerability in taoCMS 3.0.2 allows remote attackers to gain escalated privileges via taocms/admin/admin.php.
CVSS Score
8.8
EPSS Score
0.002
Published
2023-02-24
An arbitrary file upload vulnerability in taocms v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file. This vulnerability is exploited via manipulation of the upext variable at /include/Model/Upload.php.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-01-30
An issue in the website background of taocms v3.0.2 allows attackers to execute a Server-Side Request Forgery (SSRF).
CVSS Score
9.8
EPSS Score
0.003
Published
2023-01-26
An arbitrary file deletion vulnerability was discovered in taocms 3.0.2, that allows attacker to delete file in server when request url admin.php?action=file&ctrl=del&path=/../../../test.txt
CVSS Score
9.1
EPSS Score
0.002
Published
2022-08-23
An issue was discovered in taocms 3.0.2. in the website settings that allows arbitrary php code to be injected by modifying config.php.
CVSS Score
9.8
EPSS Score
0.001
Published
2022-08-15
Taocms 3.0.2 was discovered to contain a blind SQL injection vulnerability via the function Edit category.
CVSS Score
7.2
EPSS Score
0.001
Published
2022-07-05
Page 1