Taogogo CVE - OpenCVE

Filtered by vendor Taogogo Subscriptions

Total 24 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2019-7720	1 Taogogo	1 Taocms	2024-09-16	N/A
taocms through 2014-05-24 allows eval injection by placing PHP code in the install.php db_name parameter and then making a config.php request.
CVE-2020-20725	1 Taogogo	1 Taocms	2024-08-04	6.1 Medium
Cross Site Scripting vulnerability in taogogo taoCMS v.2.5 beta5.1 allows remote attacker to execute arbitrary code via the name field in admin.php.
CVE-2021-46203	1 Taogogo	1 Taocms	2024-08-04	6.5 Medium
Taocms v3.0.2 was discovered to contain an arbitrary file read vulnerability via the path parameter.
CVE-2021-46204	1 Taogogo	1 Taocms	2024-08-04	9.8 Critical
Taocms v3.0.2 was discovered to contain an arbitrary file read vulnerability via the path parameter. SQL injection vulnerability via taocms\include\Model\Article.php.
CVE-2021-44983	1 Taogogo	1 Taocms	2024-08-04	4.9 Medium
In taocms 3.0.1 after logging in to the background, there is an Arbitrary file download vulnerability at the File Management column.
CVE-2021-45015	1 Taogogo	1 Taocms	2024-08-04	9.1 Critical
taocms 3.0.2 is vulnerable to arbitrary file deletion via taocms\include\Model\file.php from line 60 to line 72.
CVE-2021-45014	1 Taogogo	1 Taocms	2024-08-04	9.8 Critical
There is an upload sql injection vulnerability in the background of taocms 3.0.2 in parameter id:action=cms&ctrl=update&id=26
CVE-2021-44969	1 Taogogo	1 Taocms	2024-08-04	4.8 Medium
Taocms v3.0.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Management Column component.
CVE-2021-44915	1 Taogogo	1 Taocms	2024-08-04	7.2 High
Taocms 3.0.2 was discovered to contain a blind SQL injection vulnerability via the function Edit category.
CVE-2021-34167	1 Taogogo	1 Taocms	2024-08-04	8.8 High
Cross Site Request Forgery (CSRF) vulnerability in taoCMS 3.0.2 allows remote attackers to gain escalated privileges via taocms/admin/admin.php.
CVE-2021-25785	1 Taogogo	1 Taocms	2024-08-03	4.8 Medium
Taocms v2.5Beta5 was discovered to contain a cross-site scripting (XSS) vulnerability via the component Management column.
CVE-2021-25783	1 Taogogo	1 Taocms	2024-08-03	7.2 High
Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulnerability via the function Article Search.
CVE-2021-25784	1 Taogogo	1 Taocms	2024-08-03	7.2 High
Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulnerability via the function Edit Article.
CVE-2022-48006	1 Taogogo	1 Taocms	2024-08-03	9.8 Critical
An arbitrary file upload vulnerability in taocms v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file. This vulnerability is exploited via manipulation of the upext variable at /include/Model/Upload.php.
CVE-2022-46998	1 Taogogo	1 Taocms	2024-08-03	9.8 Critical
An issue in the website background of taocms v3.0.2 allows attackers to execute a Server-Side Request Forgery (SSRF).
CVE-2022-36262	1 Taogogo	1 Taocms	2024-08-03	9.8 Critical
An issue was discovered in taocms 3.0.2. in the website settings that allows arbitrary php code to be injected by modifying config.php.
CVE-2022-36261	1 Taogogo	1 Taocms	2024-08-03	9.1 Critical
An arbitrary file deletion vulnerability was discovered in taocms 3.0.2, that allows attacker to delete file in server when request url admin.php?action=file&ctrl=del&path=/../../../test.txt
CVE-2022-25578	1 Taogogo	1 Taocms	2024-08-03	9.8 Critical
taocms v3.0.2 allows attackers to execute code injection via arbitrarily editing the .htaccess file.
CVE-2022-25505	1 Taogogo	1 Taocms	2024-08-03	9.8 Critical
Taocms v3.0.2 was discovered to contain a SQL injection vulnerability via the id parameter in \include\Model\Category.php.
CVE-2022-23880	1 Taogogo	1 Taocms	2024-08-03	9.8 Critical
An arbitrary file upload vulnerability in the File Management function module of taoCMS v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file.

Page 1 of 2. next last »