Summary
Detail | |||
---|---|---|---|
Vendor | Taogogo | First view | 2019-02-10 |
Product | Taocms | Last view | 2023-07-05 |
Version | Type | ||
Update | |||
Edition | |||
Language | |||
Sofware Edition | |||
Target Software | |||
Target Hardware | |||
Other |
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
Related : CVE
Date | Alert | Description | |
---|---|---|---|
6.1 | 2023-07-05 | CVE-2023-34654 | taocms <=3.0.2 is vulnerable to Cross Site Scripting (XSS). |
6.1 | 2023-06-20 | CVE-2020-20725 | Cross Site Scripting vulnerability in taogogo taoCMS v.2.5 beta5.1 allows remote attacker to execute arbitrary code via the name field in admin.php. |
9.8 | 2023-04-07 | CVE-2023-1947 | A vulnerability was found in taoCMS 3.0.2. It has been classified as critical. Affected is an unknown function of the file /admin/admin.php. The manipulation leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-225330 is the identifier assigned to this vulnerability. |
8.8 | 2023-02-24 | CVE-2021-34167 | Cross Site Request Forgery (CSRF) vulnerability in taoCMS 3.0.2 allows remote attackers to gain escalated privileges via taocms/admin/admin.php. |
9.8 | 2023-01-30 | CVE-2022-48006 | An arbitrary file upload vulnerability in taocms v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file. This vulnerability is exploited via manipulation of the upext variable at /include/Model/Upload.php. |
9.8 | 2023-01-26 | CVE-2022-46998 | An issue in the website background of taocms v3.0.2 allows attackers to execute a Server-Side Request Forgery (SSRF). |
9.1 | 2022-08-23 | CVE-2022-36261 | An arbitrary file deletion vulnerability was discovered in taocms 3.0.2, that allows attacker to delete file in server when request url admin.php?action=file&ctrl=del&path=/../../../test.txt |
9.8 | 2022-08-15 | CVE-2022-36262 | An issue was discovered in taocms 3.0.2. in the website settings that allows arbitrary php code to be injected by modifying config.php. |
7.2 | 2022-07-05 | CVE-2021-44915 | Taocms 3.0.2 was discovered to contain a blind SQL injection vulnerability via the function Edit category. |
9.8 | 2022-03-23 | CVE-2022-23880 | An arbitrary file upload vulnerability in the File Management function module of taoCMS v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file. |
9.8 | 2022-03-21 | CVE-2022-25505 | Taocms v3.0.2 was discovered to contain a SQL injection vulnerability via the id parameter in \include\Model\Category.php. |
9.8 | 2022-03-18 | CVE-2022-25578 | taocms v3.0.2 allows attackers to execute code injection via arbitrarily editing the .htaccess file. |
8.8 | 2022-03-01 | CVE-2022-23380 | There is a SQL injection vulnerability in the background of taocms 3.0.2 in parameter id:action=admin&id=2&ctrl=edit. |
4.8 | 2022-02-10 | CVE-2021-44969 | Taocms v3.0.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Management Column component. |
4.9 | 2022-02-04 | CVE-2022-23316 | An issue was discovered in taoCMS v3.0.2. There is an arbitrary file read vulnerability that can read any files via admin.php?action=file&ctrl=download&path=../../1.txt. |
4.9 | 2022-02-04 | CVE-2021-44983 | In taocms 3.0.1 after logging in to the background, there is an Arbitrary file download vulnerability at the File Management column. |
9.8 | 2022-01-19 | CVE-2021-46204 | Taocms v3.0.2 was discovered to contain an arbitrary file read vulnerability via the path parameter. SQL injection vulnerability via taocms\include\Model\Article.php. |
6.5 | 2022-01-19 | CVE-2021-46203 | Taocms v3.0.2 was discovered to contain an arbitrary file read vulnerability via the path parameter. |
9.1 | 2021-12-14 | CVE-2021-45015 | taocms 3.0.2 is vulnerable to arbitrary file deletion via taocms\include\Model\file.php from line 60 to line 72. |
9.8 | 2021-12-14 | CVE-2021-45014 | There is an upload sql injection vulnerability in the background of taocms 3.0.2 in parameter id:action=cms&ctrl=update&id=26 |
4.8 | 2021-12-02 | CVE-2021-25785 | Taocms v2.5Beta5 was discovered to contain a cross-site scripting (XSS) vulnerability via the component Management column. |
7.2 | 2021-12-02 | CVE-2021-25784 | Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulnerability via the function Edit Article. |
7.2 | 2021-12-02 | CVE-2021-25783 | Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulnerability via the function Article Search. |
9.8 | 2019-02-10 | CVE-2019-7720 | taocms through 2014-05-24 allows eval injection by placing PHP code in the install.php db_name parameter and then making a config.php request. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
30% (7) | CWE-89 | Improper Sanitization of Special Elements used in an SQL Command ('... |
17% (4) | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
17% (4) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
13% (3) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |
8% (2) | CWE-552 | Files or Directories Accessible to External Parties |
8% (2) | CWE-434 | Unrestricted Upload of File with Dangerous Type |
4% (1) | CWE-352 | Cross-Site Request Forgery (CSRF) |