Taogogo ≫ Taocms

Directory Traversal vulnerability in TaoCMS v.3.0.2 allows a remote attacker to execute arbitrary code and obtain sensitive information via the include/model/file.php component.

taocms <=3.0.2 is vulnerable to Cross Site Scripting (XSS).

Cross Site Scripting vulnerability in taogogo taoCMS v.2.5 beta5.1 allows remote attacker to execute arbitrary code via the name field in admin.php.

A vulnerability was found in taoCMS 3.0.2. It has been classified as critical. Affected is an unknown function of the file /admin/admin.php. The manipulation leads to code injection. It is possible to launch the attack remotely. The exploit has been ...

Cross Site Request Forgery (CSRF) vulnerability in taoCMS 3.0.2 allows remote attackers to gain escalated privileges via taocms/admin/admin.php.

An arbitrary file upload vulnerability in taocms v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file. This vulnerability is exploited via manipulation of the upext variable at /include/Model/Upload.php.

An issue in the website background of taocms v3.0.2 allows attackers to execute a Server-Side Request Forgery (SSRF).

An arbitrary file deletion vulnerability was discovered in taocms 3.0.2, that allows attacker to delete file in server when request url admin.php?action=file&ctrl=del&path=/../../../test.txt

An issue was discovered in taocms 3.0.2. in the website settings that allows arbitrary php code to be injected by modifying config.php.

Taocms 3.0.2 was discovered to contain a blind SQL injection vulnerability via the function Edit category.