Vulnerabilities > Taogogo > Taocms > 3.0.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-05 | CVE-2023-34654 | Cross-site Scripting vulnerability in Taogogo Taocms 2.5/3.0.1/3.0.2 taocms <=3.0.2 is vulnerable to Cross Site Scripting (XSS). | 6.1 |
| 2023-04-07 | CVE-2023-1947 | Code Injection vulnerability in Taogogo Taocms 3.0.2 A vulnerability was found in taoCMS 3.0.2. | 9.8 |
| 2023-02-24 | CVE-2021-34167 | Cross-Site Request Forgery (CSRF) vulnerability in Taogogo Taocms 3.0.2 Cross Site Request Forgery (CSRF) vulnerability in taoCMS 3.0.2 allows remote attackers to gain escalated privileges via taocms/admin/admin.php. | 8.8 |
| 2023-01-30 | CVE-2022-48006 | Unrestricted Upload of File with Dangerous Type vulnerability in Taogogo Taocms 3.0.2 An arbitrary file upload vulnerability in taocms v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file. | 9.8 |
| 2023-01-26 | CVE-2022-46998 | Server-Side Request Forgery (SSRF) vulnerability in Taogogo Taocms 3.0.2 An issue in the website background of taocms v3.0.2 allows attackers to execute a Server-Side Request Forgery (SSRF). | 9.8 |
| 2022-08-23 | CVE-2022-36261 | Path Traversal vulnerability in Taogogo Taocms 3.0.2 An arbitrary file deletion vulnerability was discovered in taocms 3.0.2, that allows attacker to delete file in server when request url admin.php?action=file&ctrl=del&path=/../../../test.txt | 9.1 |
| 2022-08-15 | CVE-2022-36262 | Code Injection vulnerability in Taogogo Taocms 3.0.2 An issue was discovered in taocms 3.0.2. | 9.8 |
| 2022-07-05 | CVE-2021-44915 | SQL Injection vulnerability in Taogogo Taocms 3.0.2 Taocms 3.0.2 was discovered to contain a blind SQL injection vulnerability via the function Edit category. | 7.2 |
| 2022-03-23 | CVE-2022-23880 | Unrestricted Upload of File with Dangerous Type vulnerability in Taogogo Taocms 3.0.2 An arbitrary file upload vulnerability in the File Management function module of taoCMS v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file. | 9.8 |
| 2022-03-21 | CVE-2022-25505 | SQL Injection vulnerability in Taogogo Taocms 3.0.2 Taocms v3.0.2 was discovered to contain a SQL injection vulnerability via the id parameter in \include\Model\Category.php. | 9.8 |