Vulnerabilities > Taogogo

DATE CVE VULNERABILITY TITLE RISK
2022-03-23 CVE-2022-23880 Unrestricted Upload of File with Dangerous Type vulnerability in Taogogo Taocms 3.0.2
An arbitrary file upload vulnerability in the File Management function module of taoCMS v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file.
network
low complexity
taogogo CWE-434
7.5
2022-03-21 CVE-2022-25505 SQL Injection vulnerability in Taogogo Taocms 3.0.2
Taocms v3.0.2 was discovered to contain a SQL injection vulnerability via the id parameter in \include\Model\Category.php.
network
low complexity
taogogo CWE-89
7.5
2022-03-18 CVE-2022-25578 Code Injection vulnerability in Taogogo Taocms 3.0.2
taocms v3.0.2 allows attackers to execute code injection via arbitrarily editing the .htaccess file.
network
low complexity
taogogo CWE-94
7.5
2022-03-01 CVE-2022-23380 SQL Injection vulnerability in Taogogo Taocms 3.0.2
There is a SQL injection vulnerability in the background of taocms 3.0.2 in parameter id:action=admin&id=2&ctrl=edit.
network
low complexity
taogogo CWE-89
6.5
2022-02-10 CVE-2021-44969 Cross-site Scripting vulnerability in Taogogo Taocms 3.0.2
Taocms v3.0.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Management Column component.
network
taogogo CWE-79
3.5
2022-02-04 CVE-2021-44983 Files or Directories Accessible to External Parties vulnerability in Taogogo Taocms 3.0.1
In taocms 3.0.1 after logging in to the background, there is an Arbitrary file download vulnerability at the File Management column.
network
low complexity
taogogo CWE-552
4.0
2022-02-04 CVE-2022-23316 Files or Directories Accessible to External Parties vulnerability in Taogogo Taocms 3.0.2
An issue was discovered in taoCMS v3.0.2.
network
low complexity
taogogo CWE-552
4.0
2022-01-19 CVE-2021-46203 Path Traversal vulnerability in Taogogo Taocms 3.0.2
Taocms v3.0.2 was discovered to contain an arbitrary file read vulnerability via the path parameter.
network
low complexity
taogogo CWE-22
4.0
2022-01-19 CVE-2021-46204 SQL Injection vulnerability in Taogogo Taocms 3.0.2
Taocms v3.0.2 was discovered to contain an arbitrary file read vulnerability via the path parameter.
network
low complexity
taogogo CWE-89
7.5
2021-12-14 CVE-2021-45014 SQL Injection vulnerability in Taogogo Taocms 3.0.2
There is an upload sql injection vulnerability in the background of taocms 3.0.2 in parameter id:action=cms&ctrl=update&id=26
network
low complexity
taogogo CWE-89
7.5