High

DATE	CVE	VULNERABILITY TITLE	RISK
2023-02-24	CVE-2021-34167	Cross-Site Request Forgery (CSRF) vulnerability in Taogogo Taocms 3.0.2 Cross Site Request Forgery (CSRF) vulnerability in taoCMS 3.0.2 allows remote attackers to gain escalated privileges via taocms/admin/admin.php. network low complexity taogogo CWE-352	8.8
2022-03-23	CVE-2022-23880	Unrestricted Upload of File with Dangerous Type vulnerability in Taogogo Taocms 3.0.2 An arbitrary file upload vulnerability in the File Management function module of taoCMS v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file. network low complexity taogogo CWE-434	7.5
2022-03-21	CVE-2022-25505	SQL Injection vulnerability in Taogogo Taocms 3.0.2 Taocms v3.0.2 was discovered to contain a SQL injection vulnerability via the id parameter in \include\Model\Category.php. network low complexity taogogo CWE-89	7.5
2022-01-19	CVE-2021-46204	SQL Injection vulnerability in Taogogo Taocms 3.0.2 Taocms v3.0.2 was discovered to contain an arbitrary file read vulnerability via the path parameter. network low complexity taogogo CWE-89	7.5
2021-12-14	CVE-2021-45014	SQL Injection vulnerability in Taogogo Taocms 3.0.2 There is an upload sql injection vulnerability in the background of taocms 3.0.2 in parameter id:action=cms&ctrl=update&id=26 network low complexity taogogo CWE-89	7.5
2019-02-11	CVE-2019-7720	Code Injection vulnerability in Taogogo Taocms 20140524 taocms through 2014-05-24 allows eval injection by placing PHP code in the install.php db_name parameter and then making a config.php request. network low complexity taogogo CWE-94	7.5