Xuchaofan

**Name of the Vulnerable Software and Affected Versions** taocms version 3.0.2 **Description** The issue is a SQL blind injection that can obtain database data through the `Comment Update` field. This allows unauthorized access to database information. **Recommendations** For taocms version 3.0.2, consider restricting access to the `Comment Update` field until a patch is available. As a temporary workaround, avoid using the `Comment Update` field to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.