Vulnerabilities > Taogogo

DATE CVE VULNERABILITY TITLE RISK
2023-07-05 CVE-2023-34654 Cross-site Scripting vulnerability in Taogogo Taocms 2.5/3.0.1/3.0.2
taocms <=3.0.2 is vulnerable to Cross Site Scripting (XSS).
network
low complexity
taogogo CWE-79
6.1
2023-06-20 CVE-2020-20725 Cross-site Scripting vulnerability in Taogogo Taocms 2.5
Cross Site Scripting vulnerability in taogogo taoCMS v.2.5 beta5.1 allows remote attacker to execute arbitrary code via the name field in admin.php.
network
low complexity
taogogo CWE-79
6.1
2023-04-07 CVE-2023-1947 Code Injection vulnerability in Taogogo Taocms 3.0.2
A vulnerability was found in taoCMS 3.0.2.
network
low complexity
taogogo CWE-94
critical
9.8
2023-02-24 CVE-2021-34167 Cross-Site Request Forgery (CSRF) vulnerability in Taogogo Taocms 3.0.2
Cross Site Request Forgery (CSRF) vulnerability in taoCMS 3.0.2 allows remote attackers to gain escalated privileges via taocms/admin/admin.php.
network
low complexity
taogogo CWE-352
8.8
2023-01-30 CVE-2022-48006 Unrestricted Upload of File with Dangerous Type vulnerability in Taogogo Taocms 3.0.2
An arbitrary file upload vulnerability in taocms v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file.
network
low complexity
taogogo CWE-434
critical
9.8
2023-01-26 CVE-2022-46998 Server-Side Request Forgery (SSRF) vulnerability in Taogogo Taocms 3.0.2
An issue in the website background of taocms v3.0.2 allows attackers to execute a Server-Side Request Forgery (SSRF).
network
low complexity
taogogo CWE-918
critical
9.8
2022-08-23 CVE-2022-36261 Path Traversal vulnerability in Taogogo Taocms 3.0.2
An arbitrary file deletion vulnerability was discovered in taocms 3.0.2, that allows attacker to delete file in server when request url admin.php?action=file&ctrl=del&path=/../../../test.txt
network
low complexity
taogogo CWE-22
critical
9.1
2022-08-15 CVE-2022-36262 Code Injection vulnerability in Taogogo Taocms 3.0.2
An issue was discovered in taocms 3.0.2.
network
low complexity
taogogo CWE-94
critical
9.8
2022-07-05 CVE-2021-44915 SQL Injection vulnerability in Taogogo Taocms 3.0.2
Taocms 3.0.2 was discovered to contain a blind SQL injection vulnerability via the function Edit category.
network
low complexity
taogogo CWE-89
7.2
2022-03-23 CVE-2022-23880 Unrestricted Upload of File with Dangerous Type vulnerability in Taogogo Taocms 3.0.2
An arbitrary file upload vulnerability in the File Management function module of taoCMS v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file.
network
low complexity
taogogo CWE-434
critical
9.8