
CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 2

taocms <=3.0.2 is vulnerable to Cross Site Scripting (XSS). • https://gist.github.com/ae6e361b/b7f162eba1a91df3ad9dc71ec9935960 https://github.com/ae6e361b/taocms-XSS • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

A vulnerability was found in taoCMS 3.0.2. It has been classified as critical. Affected is an unknown function of the file /admin/admin.php. The manipulation leads to code injection. It is possible to launch the attack remotely. • https://gitee.com/misak7in/cve/blob/master/taocms.md https://vuldb.com/?ctiid.225330 https://vuldb.com/?id.225330 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

Cross Site Request Forgery (CSRF) vulnerability in taoCMS 3.0.2 allows remote attackers to gain escalated privileges via taocms/admin/admin.php. • https://github.com/taogogo/taocms/issues/6 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

An arbitrary file upload vulnerability in taocms v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file. This vulnerability is exploited via manipulation of the upext variable at /include/Model/Upload.php. • https://github.com/taogogo/taocms/issues/35 • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

An issue in the website background of taocms v3.0.2 allows attackers to execute a Server-Side Request Forgery (SSRF). • https://www.yuque.com/shiyi-5yjak/hx4unh/kgnanw3lt8wg1tx2#%20%E3%80%8Ataocms-3.0.2-ssrf%E3%80%8B • CWE-918: Server-Side Request Forgery (SSRF)