Search
Total
12 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-44915 | 1 Taogogo | 1 Taocms | 2022-07-13 | 6.5 MEDIUM | 7.2 HIGH |
| Taocms 3.0.2 was discovered to contain a blind SQL injection vulnerability via the function Edit category. | |||||
| CVE-2021-45015 | 1 Taogogo | 1 Taocms | 2022-07-12 | 6.4 MEDIUM | 9.1 CRITICAL |
| taocms 3.0.2 is vulnerable to arbitrary file deletion via taocms\include\Model\file.php from line 60 to line 72. | |||||
| CVE-2021-44969 | 1 Taogogo | 1 Taocms | 2022-02-16 | 3.5 LOW | 4.8 MEDIUM |
| Taocms v3.0.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Management Column component. | |||||
| CVE-2021-44983 | 1 Taogogo | 1 Taocms | 2022-02-08 | 4.0 MEDIUM | 4.9 MEDIUM |
| In taocms 3.0.1 after logging in to the background, there is an Arbitrary file download vulnerability at the File Management column. | |||||
| CVE-2022-23316 | 1 Taogogo | 1 Taocms | 2022-02-08 | 4.0 MEDIUM | 4.9 MEDIUM |
| An issue was discovered in taoCMS v3.0.2. There is an arbitrary file read vulnerability that can read any files via admin.php?action=file&ctrl=download&path=../../1.txt. | |||||
| CVE-2021-46204 | 1 Taogogo | 1 Taocms | 2022-01-25 | 7.5 HIGH | 9.8 CRITICAL |
| Taocms v3.0.2 was discovered to contain an arbitrary file read vulnerability via the path parameter. SQL injection vulnerability via taocms\include\Model\Article.php. | |||||
| CVE-2021-46203 | 1 Taogogo | 1 Taocms | 2022-01-25 | 4.0 MEDIUM | 6.5 MEDIUM |
| Taocms v3.0.2 was discovered to contain an arbitrary file read vulnerability via the path parameter. | |||||
| CVE-2021-45014 | 1 Taogogo | 1 Taocms | 2021-12-15 | 7.5 HIGH | 9.8 CRITICAL |
| There is an upload sql injection vulnerability in the background of taocms 3.0.2 in parameter id:action=cms&ctrl=update&id=26 | |||||
| CVE-2021-25784 | 1 Taogogo | 1 Taocms | 2021-12-04 | 6.5 MEDIUM | 7.2 HIGH |
| Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulnerability via the function Edit Article. | |||||
| CVE-2021-25783 | 1 Taogogo | 1 Taocms | 2021-12-04 | 6.5 MEDIUM | 7.2 HIGH |
| Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulnerability via the function Article Search. | |||||
| CVE-2021-25785 | 1 Taogogo | 1 Taocms | 2021-12-03 | 3.5 LOW | 4.8 MEDIUM |
| Taocms v2.5Beta5 was discovered to contain a cross-site scripting (XSS) vulnerability via the component Management column. | |||||
| CVE-2019-7720 | 1 Taogogo | 1 Taocms | 2019-02-13 | 7.5 HIGH | 9.8 CRITICAL |
| taocms through 2014-05-24 allows eval injection by placing PHP code in the install.php db_name parameter and then making a config.php request. | |||||