CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33350
https://notcve.org/view.php?id=CVE-2024-33350
29 Apr 2024 — Directory Traversal vulnerability in TaoCMS v.3.0.2 allows a remote attacker to execute arbitrary code and obtain sensitive information via the include/model/file.php component. Vulnerabilidad de Directory Traversal en TaoCMS v.3.0.2 permite a un atacante remoto ejecutar código arbitrario y obtener información confidencial a través del componente include/model/file.php. • https://github.com/majic-banana/vulnerability/blob/main/POC/taocms-3.0.2%20Arbitrary%20File%20Writing%20Vulnerability.md • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-23387
https://notcve.org/view.php?id=CVE-2022-23387
01 Mar 2022 — An issue was discovered in taocms 3.0.2. This is a SQL blind injection that can obtain database data through the Comment Update field. Se ha detectado un problema en taocms versión 3.0.2. Se trata de una inyección ciega de SQL que puede obtener datos de la base de datos mediante el campo de actualización de comentarios. • https://github.com/taogogo/taocms/issues • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •