CVE Tools

taogogo

Web & CMS Pluginscommercial

12

Cumulative CVEs

3

Monthly snapshots

#113

Peak rank

Top products

Latest CVEs

The 15 most recently published vulnerabilities affecting taogogo.

CVE-2024-33350Directory Traversal vulnerability in TaoCMS v.3.0.2 allows a remote attacker to execute arbitrary code and obtain sensitive information via the include/model/file.php component.9.8Apr 29, 2024
CVE-2023-34654taocms <=3.0.2 is vulnerable to Cross Site Scripting (XSS).6.1Jul 5, 2023
CVE-2020-20725Cross Site Scripting vulnerability in taogogo taoCMS v.2.5 beta5.1 allows remote attacker to execute arbitrary code via the name field in admin.php.6.1Jun 20, 2023
CVE-2023-1947taoCMS admin.php code injection6.3Apr 7, 2023
CVE-2021-34167Cross Site Request Forgery (CSRF) vulnerability in taoCMS 3.0.2 allows remote attackers to gain escalated privileges via taocms/admin/admin.php.8.8Feb 24, 2023
CVE-2022-48006An arbitrary file upload vulnerability in taocms v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file. This vulnerability is exploited via manipulation of the upext variable at ...9.8Jan 30, 2023
CVE-2022-46998An issue in the website background of taocms v3.0.2 allows attackers to execute a Server-Side Request Forgery (SSRF).9.8Jan 25, 2023
CVE-2022-36261An arbitrary file deletion vulnerability was discovered in taocms 3.0.2, that allows attacker to delete file in server when request url admin.php?action=file&ctrl=del&path=/../../../test.txt9.1Aug 23, 2022
CVE-2022-36262An issue was discovered in taocms 3.0.2. in the website settings that allows arbitrary php code to be injected by modifying config.php.9.8Aug 15, 2022
CVE-2021-44915Taocms 3.0.2 was discovered to contain a blind SQL injection vulnerability via the function Edit category.7.2Jul 5, 2022
CVE-2022-23880An arbitrary file upload vulnerability in the File Management function module of taoCMS v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file.9.8Mar 23, 2022
CVE-2022-25505Taocms v3.0.2 was discovered to contain a SQL injection vulnerability via the id parameter in \include\Model\Category.php.9.8Mar 21, 2022
CVE-2022-25578taocms v3.0.2 allows attackers to execute code injection via arbitrarily editing the .htaccess file.9.8Mar 18, 2022
CVE-2022-23380There is a SQL injection vulnerability in the background of taocms 3.0.2 in parameter id:action=admin&id=2&ctrl=edit.8.8Mar 1, 2022
CVE-2021-44969Taocms v3.0.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Management Column component.4.8Feb 10, 2022