RSS   Podatności dla 'Taocms'   RSS

2022-07-05
 
CVE-2021-44915

CWE-89
 
 
Taocms 3.0.2 was discovered to contain a blind SQL injection vulnerability via the function Edit category.

 
2022-03-23
 
CVE-2022-23880

CWE-434
 
 
An arbitrary file upload vulnerability in the File Management function module of taoCMS v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file.

 
2022-03-01
 
CVE-2022-23380

CWE-89
 
 
There is a SQL injection vulnerability in the background of taocms 3.0.2 in parameter id:action=admin&id=2&ctrl=edit.

 
2022-02-10
 
CVE-2021-44969

CWE-79
 
 
Taocms v3.0.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Management Column component.

 
2022-02-04
 
CVE-2021-44983

CWE-552
 
 
In taocms 3.0.1 after logging in to the background, there is an Arbitrary file download vulnerability at the File Management column.

 
 
CVE-2022-23316

CWE-552
 
 
An issue was discovered in taoCMS v3.0.2. There is an arbitrary file read vulnerability that can read any files via admin.php?action=file&ctrl=download&path=../../1.txt.

 
2022-01-19
 
CVE-2021-46203

CWE-22
 
 
Taocms v3.0.2 was discovered to contain an arbitrary file read vulnerability via the path parameter.

 
 
CVE-2021-46204

CWE-89
 
 
Taocms v3.0.2 was discovered to contain an arbitrary file read vulnerability via the path parameter. SQL injection vulnerability via taocms\include\Model\Article.php.

 
2021-12-14
 
CVE-2021-45014

CWE-89
 
 
There is an upload sql injection vulnerability in the background of taocms 3.0.2 in parameter id:action=cms&ctrl=update&id=26

 
 
CVE-2021-45015

CWE-862
 
 
taocms 3.0.2 is vulnerable to arbitrary file deletion via taocms\include\Model\file.php from line 60 to line 72.

 

Copyright 2024, cxsecurity.com

 

Back to Top