Vulnerabilities > Taogogo > Taocms > High

| Date | CVE | Vulnerability title | Description | Vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2023-02-24 | CVE-2021-34167 | Cross-Site Request Forgery (CSRF) vulnerability in Taogogo Taocms 3.0.2 | Cross Site Request Forgery (CSRF) vulnerability in taoCMS 3.0.2 allows remote attackers to gain escalated privileges via taocms/admin/admin.php. | network | low complexity | taogogo | CWE-352 | 8.8 |
| 2022-03-23 | CVE-2022-23880 | Unrestricted Upload of File with Dangerous Type vulnerability in Taogogo Taocms 3.0.2 | An arbitrary file upload vulnerability in the File Management function module of taoCMS v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file. | network | low complexity | taogogo | CWE-434 | 7.5 |
| 2022-03-21 | CVE-2022-25505 | SQL Injection vulnerability in Taogogo Taocms 3.0.2 | Taocms v3.0.2 was discovered to contain a SQL injection vulnerability via the id parameter in \include\Model\Category.php. | network | low complexity | taogogo | CWE-89 | 7.5 |
| 2022-01-19 | CVE-2021-46204 | SQL Injection vulnerability in Taogogo Taocms 3.0.2 | Taocms v3.0.2 was discovered to contain an arbitrary file read vulnerability via the path parameter. | network | low complexity | taogogo | CWE-89 | 7.5 |
| 2021-12-14 | CVE-2021-45014 | SQL Injection vulnerability in Taogogo Taocms 3.0.2 | There is an upload sql injection vulnerability in the background of taocms 3.0.2 in parameter id: action=cms&ctrl=update&id=26 | network | low complexity | taogogo | CWE-89 | 7.5 |
| 2019-02-11 | CVE-2019-7720 | Code Injection vulnerability in Taogogo Taocms 20140524 | taocms through 2014-05-24 allows eval injection by placing PHP code in the install.php db_name parameter and then making a config.php request. | network | low complexity | taogogo | CWE-94 | 7.5 |