Vulnerabilities > Taogogo > Taocms > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-07-05 CVE-2023-34654 Cross-site Scripting vulnerability in Taogogo Taocms 3.0.1/3.0.2
taocms <=3.0.2 is vulnerable to Cross Site Scripting (XSS).
network
low complexity
taogogo CWE-79
6.1
2023-06-20 CVE-2020-20725 Cross-site Scripting vulnerability in Taogogo Taocms 2.5
Cross Site Scripting vulnerability in taogogo taoCMS v.2.5 beta5.1 allows remote attacker to execute arbitrary code via the name field in admin.php.
network
low complexity
taogogo CWE-79
6.1
2022-07-05 CVE-2021-44915 SQL Injection vulnerability in Taogogo Taocms 3.0.2
Taocms 3.0.2 was discovered to contain a blind SQL injection vulnerability via the function Edit category.
network
low complexity
taogogo CWE-89
6.5
2022-03-01 CVE-2022-23380 SQL Injection vulnerability in Taogogo Taocms 3.0.2
There is a SQL injection vulnerability in the background of taocms 3.0.2 in parameter id:action=admin&id=2&ctrl=edit.
network
low complexity
taogogo CWE-89
6.5
2022-02-04 CVE-2021-44983 Files or Directories Accessible to External Parties vulnerability in Taogogo Taocms 3.0.1
In taocms 3.0.1 after logging in to the background, there is an Arbitrary file download vulnerability at the File Management column.
network
low complexity
taogogo CWE-552
4.0
2022-02-04 CVE-2022-23316 Files or Directories Accessible to External Parties vulnerability in Taogogo Taocms 3.0.2
An issue was discovered in taoCMS v3.0.2.
network
low complexity
taogogo CWE-552
4.0
2022-01-19 CVE-2021-46203 Path Traversal vulnerability in Taogogo Taocms 3.0.2
Taocms v3.0.2 was discovered to contain an arbitrary file read vulnerability via the path parameter.
network
low complexity
taogogo CWE-22
4.0
2021-12-14 CVE-2021-45015 Path Traversal vulnerability in Taogogo Taocms 3.0.2
taocms 3.0.2 is vulnerable to arbitrary file deletion via taocms\include\Model\file.php from line 60 to line 72.
network
low complexity
taogogo CWE-22
6.4
2021-12-02 CVE-2021-25783 SQL Injection vulnerability in Taogogo Taocms 2.5
Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulnerability via the function Article Search.
network
low complexity
taogogo CWE-89
6.5
2021-12-02 CVE-2021-25784 SQL Injection vulnerability in Taogogo Taocms 2.5
Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulnerability via the function Edit Article.
network
low complexity
taogogo CWE-89
6.5