taogogo/taocms
GitHub
CVE History
| CVE | Published | CVSS v3 | CVSS v2 |
|---|---|---|---|
| 6.1 MEDIUM | — | ||
Cross Site Scripting vulnerability in taogogo taoCMS v.2.5 beta5.1 allows remote attacker to execute arbitrary code via the name field in admin.php. | |||
| 8.8 HIGH | — | ||
Cross Site Request Forgery (CSRF) vulnerability in taoCMS 3.0.2 allows remote attackers to gain escalated privileges via taocms/admin/admin.php. | |||
| 9.8 CRITICAL | — | ||
An arbitrary file upload vulnerability in taocms v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file. This vulnerability is exploited via manipulation of the upext variable at /include/Model/Upload.php. | |||
| 9.8 CRITICAL | — | ||
An issue was discovered in taocms 3.0.2. in the website settings that allows arbitrary php code to be injected by modifying config.php. | |||
| 7.2 HIGH | 6.5 MEDIUM | ||
Taocms 3.0.2 was discovered to contain a blind SQL injection vulnerability via the function Edit category. | |||
| 9.8 CRITICAL | 7.5 HIGH | ||
An arbitrary file upload vulnerability in the File Management function module of taoCMS v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file. | |||
| 9.8 CRITICAL | 7.5 HIGH | ||
Taocms v3.0.2 was discovered to contain a SQL injection vulnerability via the id parameter in \include\Model\Category.php. | |||
| 9.8 CRITICAL | 7.5 HIGH | ||
taocms v3.0.2 allows attackers to execute code injection via arbitrarily editing the .htaccess file. | |||
| 7.5 HIGH | 5 MEDIUM | ||
An issue was discovered in taocms 3.0.2. This is a SQL blind injection that can obtain database data through the Comment Update field. | |||
| 8.8 HIGH | 6.5 MEDIUM | ||
There is a SQL injection vulnerability in the background of taocms 3.0.2 in parameter id:action=admin&id=2&ctrl=edit. | |||
| 4.8 MEDIUM | 3.5 LOW | ||
Taocms v3.0.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Management Column component. | |||
| 4.9 MEDIUM | 4 MEDIUM | ||
In taocms 3.0.1 after logging in to the background, there is an Arbitrary file download vulnerability at the File Management column. | |||
| 4.9 MEDIUM | 4 MEDIUM | ||
An issue was discovered in taoCMS v3.0.2. There is an arbitrary file read vulnerability that can read any files via admin.php?action=file&ctrl=download&path=../../1.txt. | |||
| 9.8 CRITICAL | 7.5 HIGH | ||
Taocms v3.0.2 was discovered to contain an arbitrary file read vulnerability via the path parameter. SQL injection vulnerability via taocms\include\Model\Article.php. | |||
| 6.5 MEDIUM | 4 MEDIUM | ||
Taocms v3.0.2 was discovered to contain an arbitrary file read vulnerability via the path parameter. | |||
| 9.8 CRITICAL | 7.5 HIGH | ||
There is an upload sql injection vulnerability in the background of taocms 3.0.2 in parameter id:action=cms&ctrl=update&id=26 | |||
| 9.1 CRITICAL | 6.4 MEDIUM | ||
taocms 3.0.2 is vulnerable to arbitrary file deletion via taocms\include\Model\file.php from line 60 to line 72. | |||
| 4.8 MEDIUM | 3.5 LOW | ||
Taocms v2.5Beta5 was discovered to contain a cross-site scripting (XSS) vulnerability via the component Management column. | |||
| 7.2 HIGH | 6.5 MEDIUM | ||
Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulnerability via the function Edit Article. | |||
| 7.2 HIGH | 6.5 MEDIUM | ||
Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulnerability via the function Article Search. | |||
| — | 7.5 HIGH | ||
taocms through 2014-05-24 allows eval injection by placing PHP code in the install.php db_name parameter and then making a config.php request. | |||