Search Results | AttackerKB

Show filters

Topics 24 Users 9,713

Clear All

Disclosure Date

Disclosure Year Disclosure Month

Collection Command and Control Credential Access Defense Evasion Discovery Execution Exfiltration Impact Initial Access Lateral Movement Persistence Privilege Escalation

24 Total Results

Displaying 11-20 of 24

Attacker Value

Unknown

CVE-2022-25505

Disclosure Date: March 21, 2022 (last updated February 23, 2025)

Taocms v3.0.2 was discovered to contain a SQL injection vulnerability via the id parameter in \include\Model\Category.php.

Attack Vector: Network Privileges: None User Interaction: None

0

Attacker Value

Unknown

CVE-2022-25578

Disclosure Date: March 18, 2022 (last updated February 23, 2025)

taocms v3.0.2 allows attackers to execute code injection via arbitrarily editing the .htaccess file.

Attack Vector: Network Privileges: None User Interaction: None

0

Attacker Value

Unknown

CVE-2022-23380

Disclosure Date: March 01, 2022 (last updated February 23, 2025)

There is a SQL injection vulnerability in the background of taocms 3.0.2 in parameter id:action=admin&id=2&ctrl=edit.

Attack Vector: Network Privileges: Low User Interaction: None

0

Attacker Value

Unknown

CVE-2021-44969

Disclosure Date: February 10, 2022 (last updated February 23, 2025)

Taocms v3.0.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Management Column component.

Attack Vector: Network Privileges: High User Interaction: Required

0

Attacker Value

Unknown

CVE-2021-44983

Disclosure Date: February 04, 2022 (last updated February 23, 2025)

In taocms 3.0.1 after logging in to the background, there is an Arbitrary file download vulnerability at the File Management column.

Attack Vector: Network Privileges: High User Interaction: None

0

Attacker Value

Unknown

CVE-2022-23316

Disclosure Date: February 04, 2022 (last updated February 23, 2025)

An issue was discovered in taoCMS v3.0.2. There is an arbitrary file read vulnerability that can read any files via admin.php?action=file&ctrl=download&path=../../1.txt.

Attack Vector: Network Privileges: High User Interaction: None

0

Attacker Value

Unknown

CVE-2021-46204

Disclosure Date: January 19, 2022 (last updated February 23, 2025)

Taocms v3.0.2 was discovered to contain an arbitrary file read vulnerability via the path parameter. SQL injection vulnerability via taocms\include\Model\Article.php.

Attack Vector: Network Privileges: None User Interaction: None

0

Attacker Value

Unknown

CVE-2021-46203

Disclosure Date: January 19, 2022 (last updated February 23, 2025)

Taocms v3.0.2 was discovered to contain an arbitrary file read vulnerability via the path parameter.

Attack Vector: Network Privileges: Low User Interaction: None

0

Attacker Value

Unknown

CVE-2021-45015

Disclosure Date: December 14, 2021 (last updated February 23, 2025)

taocms 3.0.2 is vulnerable to arbitrary file deletion via taocms\include\Model\file.php from line 60 to line 72.

Attack Vector: Network Privileges: None User Interaction: None

0

Attacker Value

Unknown

CVE-2021-45014

Disclosure Date: December 14, 2021 (last updated February 23, 2025)

There is an upload sql injection vulnerability in the background of taocms 3.0.2 in parameter id:action=cms&ctrl=update&id=26

Attack Vector: Network Privileges: None User Interaction: None

0