taogogo CVE Vulnerabilities & Metrics

Focus on taogogo vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About taogogo Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with taogogo. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total taogogo CVEs: 24
Earliest CVE date: 11 Feb 2019, 04:29 UTC
Latest CVE date: 05 Jul 2023, 20:15 UTC

Latest CVE reference: CVE-2023-34654

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 0

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): -100.0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): -100.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical taogogo CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 4.29

Max CVSS: 7.5

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	9
4.0-6.9	9
7.0-8.9	6
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS taogogo CVEs

These are the five CVEs with the highest CVSS scores for taogogo, sorted by severity first and recency.

CVE-2022-23880 taogogo Published on 23 Mar 2022, 21:15 UTC (CVSS: 7.5)
An arbitrary file upload vulnerability in the File Management function module of taoCMS v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2022-25505 taogogo Published on 21 Mar 2022, 00:15 UTC (CVSS: 7.5)
Taocms v3.0.2 was discovered to contain a SQL injection vulnerability via the id parameter in \include\Model\Category.php.
CVE-2022-25578 taogogo Published on 18 Mar 2022, 23:15 UTC (CVSS: 7.5)
taocms v3.0.2 allows attackers to execute code injection via arbitrarily editing the .htaccess file.
CVE-2021-46204 taogogo Published on 19 Jan 2022, 18:15 UTC (CVSS: 7.5)
Taocms v3.0.2 was discovered to contain an arbitrary file read vulnerability via the path parameter. SQL injection vulnerability via taocms\include\Model\Article.php.
CVE-2021-45014 taogogo Published on 14 Dec 2021, 14:15 UTC (CVSS: 7.5)
There is an upload sql injection vulnerability in the background of taocms 3.0.2 in parameter id:action=cms&ctrl=update&id=26

All CVEs for taogogo

CVE-2023-34654 taogogo vulnerability CVSS: 0 05 Jul 2023, 20:15 UTC

taocms <=3.0.2 is vulnerable to Cross Site Scripting (XSS).

CVE-2020-20725 taogogo vulnerability CVSS: 0 20 Jun 2023, 15:15 UTC

Cross Site Scripting vulnerability in taogogo taoCMS v.2.5 beta5.1 allows remote attacker to execute arbitrary code via the name field in admin.php.

CVE-2023-1947 taogogo vulnerability CVSS: 6.5 07 Apr 2023, 23:15 UTC

A vulnerability was found in taoCMS 3.0.2. It has been classified as critical. Affected is an unknown function of the file /admin/admin.php. The manipulation leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-225330 is the identifier assigned to this vulnerability.

CVE-2021-34167 taogogo vulnerability CVSS: 0 24 Feb 2023, 21:15 UTC

Cross Site Request Forgery (CSRF) vulnerability in taoCMS 3.0.2 allows remote attackers to gain escalated privileges via taocms/admin/admin.php.

CVE-2022-48006 taogogo vulnerability CVSS: 0 30 Jan 2023, 22:15 UTC

An arbitrary file upload vulnerability in taocms v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file. This vulnerability is exploited via manipulation of the upext variable at /include/Model/Upload.php.

CVE-2022-46998 taogogo vulnerability CVSS: 0 26 Jan 2023, 21:18 UTC

An issue in the website background of taocms v3.0.2 allows attackers to execute a Server-Side Request Forgery (SSRF).

CVE-2022-36261 taogogo vulnerability CVSS: 0 23 Aug 2022, 13:15 UTC

An arbitrary file deletion vulnerability was discovered in taocms 3.0.2, that allows attacker to delete file in server when request url admin.php?action=file&ctrl=del&path=/../../../test.txt

CVE-2022-36262 taogogo vulnerability CVSS: 0 15 Aug 2022, 12:15 UTC

An issue was discovered in taocms 3.0.2. in the website settings that allows arbitrary php code to be injected by modifying config.php.

CVE-2021-44915 taogogo vulnerability CVSS: 6.5 05 Jul 2022, 18:15 UTC

Taocms 3.0.2 was discovered to contain a blind SQL injection vulnerability via the function Edit category.

CVE-2022-23880 taogogo vulnerability CVSS: 7.5 23 Mar 2022, 21:15 UTC

An arbitrary file upload vulnerability in the File Management function module of taoCMS v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file.

CVE-2022-25505 taogogo vulnerability CVSS: 7.5 21 Mar 2022, 00:15 UTC

Taocms v3.0.2 was discovered to contain a SQL injection vulnerability via the id parameter in \include\Model\Category.php.

CVE-2022-25578 taogogo vulnerability CVSS: 7.5 18 Mar 2022, 23:15 UTC

taocms v3.0.2 allows attackers to execute code injection via arbitrarily editing the .htaccess file.

CVE-2022-23380 taogogo vulnerability CVSS: 6.5 01 Mar 2022, 14:15 UTC

There is a SQL injection vulnerability in the background of taocms 3.0.2 in parameter id:action=admin&id=2&ctrl=edit.

CVE-2021-44969 taogogo vulnerability CVSS: 3.5 10 Feb 2022, 23:15 UTC

Taocms v3.0.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Management Column component.

CVE-2021-44983 taogogo vulnerability CVSS: 4.0 04 Feb 2022, 14:15 UTC

In taocms 3.0.1 after logging in to the background, there is an Arbitrary file download vulnerability at the File Management column.

CVE-2022-23316 taogogo vulnerability CVSS: 4.0 04 Feb 2022, 12:15 UTC

An issue was discovered in taoCMS v3.0.2. There is an arbitrary file read vulnerability that can read any files via admin.php?action=file&ctrl=download&path=../../1.txt.

CVE-2021-46204 taogogo vulnerability CVSS: 7.5 19 Jan 2022, 18:15 UTC

Taocms v3.0.2 was discovered to contain an arbitrary file read vulnerability via the path parameter. SQL injection vulnerability via taocms\include\Model\Article.php.

CVE-2021-46203 taogogo vulnerability CVSS: 4.0 19 Jan 2022, 18:15 UTC

Taocms v3.0.2 was discovered to contain an arbitrary file read vulnerability via the path parameter.

CVE-2021-45015 taogogo vulnerability CVSS: 6.4 14 Dec 2021, 14:15 UTC

taocms 3.0.2 is vulnerable to arbitrary file deletion via taocms\include\Model\file.php from line 60 to line 72.

CVE-2021-45014 taogogo vulnerability CVSS: 7.5 14 Dec 2021, 14:15 UTC

There is an upload sql injection vulnerability in the background of taocms 3.0.2 in parameter id:action=cms&ctrl=update&id=26

CVE-2021-25785 taogogo vulnerability CVSS: 3.5 02 Dec 2021, 23:15 UTC

Taocms v2.5Beta5 was discovered to contain a cross-site scripting (XSS) vulnerability via the component Management column.

CVE-2021-25784 taogogo vulnerability CVSS: 6.5 02 Dec 2021, 23:15 UTC

Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulnerability via the function Edit Article.

CVE-2021-25783 taogogo vulnerability CVSS: 6.5 02 Dec 2021, 23:15 UTC

Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulnerability via the function Article Search.

CVE-2019-7720 taogogo vulnerability CVSS: 7.5 11 Feb 2019, 04:29 UTC

taocms through 2014-05-24 allows eval injection by placing PHP code in the install.php db_name parameter and then making a config.php request.