Every CVE whose affected-product data names Taogogo Taocms, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (25)
CVE-2024-33350 — CVSS 9.8 (critical): Directory Traversal vulnerability in TaoCMS v.3.0.2 allows a remote attacker to execute arbitrary code and obtain sensitive information via…
CVE-2021-45014 — CVSS 9.8 (critical): There is an upload sql injection vulnerability in the background of taocms 3.0.2 in parameter id:action=cms&ctrl=update&id=26
CVE-2021-46204 — CVSS 9.8 (critical): Taocms v3.0.2 was discovered to contain an arbitrary file read vulnerability via the path parameter. SQL injection vulnerability via…
CVE-2022-23880 — CVSS 9.8 (critical): An arbitrary file upload vulnerability in the File Management function module of taoCMS v3.0.2 allows attackers to execute arbitrary code…
CVE-2022-25505 — CVSS 9.8 (critical): Taocms v3.0.2 was discovered to contain a SQL injection vulnerability via the id parameter in \include\Model\Category.php.
CVE-2022-36262 — CVSS 9.8 (critical): An issue was discovered in taocms 3.0.2. in the website settings that allows arbitrary php code to be injected by modifying config.php.
CVE-2022-46998 — CVSS 9.8 (critical): An issue in the website background of taocms v3.0.2 allows attackers to execute a Server-Side Request Forgery (SSRF).
CVE-2022-48006 — CVSS 9.8 (critical): An arbitrary file upload vulnerability in taocms v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file. This…
CVE-2019-7720 — CVSS 9.8 (critical): taocms through 2014-05-24 allows eval injection by placing PHP code in the install.php db_name parameter and then making a config.php…
CVE-2021-45015 — CVSS 9.1 (critical): taocms 3.0.2 is vulnerable to arbitrary file deletion via taocms\include\Model\file.php from line 60 to line 72.
CVE-2022-36261 — CVSS 9.1 (critical): An arbitrary file deletion vulnerability was discovered in taocms 3.0.2, that allows attacker to delete file in server when request url…
CVE-2022-23380 — CVSS 8.8 (high): There is a SQL injection vulnerability in the background of taocms 3.0.2 in parameter id:action=admin&id=2&ctrl=edit.
CVE-2021-34167 — CVSS 8.8 (high): Cross Site Request Forgery (CSRF) vulnerability in taoCMS 3.0.2 allows remote attackers to gain escalated privileges via…
CVE-2021-25783 — CVSS 7.2 (high): Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulnerability via the function Article Search.
CVE-2021-25784 — CVSS 7.2 (high): Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulnerability via the function Edit Article.
CVE-2021-44915 — CVSS 7.2 (high): Taocms 3.0.2 was discovered to contain a blind SQL injection vulnerability via the function Edit category.
CVE-2021-46203 — CVSS 6.5 (medium): Taocms v3.0.2 was discovered to contain an arbitrary file read vulnerability via the path parameter.
CVE-2023-1947 — CVSS 6.3 (medium): A vulnerability was found in taoCMS 3.0.2. It has been classified as critical. Affected is an unknown function of the file…
CVE-2020-20725 — CVSS 6.1 (medium): Cross Site Scripting vulnerability in taogogo taoCMS v.2.5 beta5.1 allows remote attacker to execute arbitrary code via the name field in…
CVE-2021-44983 — CVSS 4.9 (medium): In taocms 3.0.1 after logging in to the background, there is an Arbitrary file download vulnerability at the File Management column.
CVE-2022-23316 — CVSS 4.9 (medium): An issue was discovered in taoCMS v3.0.2. There is an arbitrary file read vulnerability that can read any files via admin.php?action=file&ct…
CVE-2021-44969 — CVSS 4.8 (medium): Taocms v3.0.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Management Column component.
CVE-2021-25785 — CVSS 4.8 (medium): Taocms v2.5Beta5 was discovered to contain a cross-site scripting (XSS) vulnerability via the component Management column.