Arbitrary File Read and SQL Injection Vulnerabilities in Taocms v3.0.2


CVE-2021-46204 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Taocms v3.0.2 was discovered to contain an arbitrary file read vulnerability via the path parameter, and a SQL injection vulnerability via taocms\include\Model\Article.php.
