PT-2022-15923 · Taocms · Taocms

Destinypwd

Published

2022-02-04

Updated

2022-02-08

CVE-2022-23316

CVSS v3.1

4.9

Medium

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions taoCMS version 3.0.2

Description An issue in taoCMS allows for an arbitrary file read, enabling access to any files. This is achieved via the "admin.php" endpoint with specific parameters: action set to "file", ctrl set to "download", and path manipulated to access files outside the intended directory, such as "../../1.txt".

Recommendations For taoCMS version 3.0.2, consider restricting access to the "admin.php" endpoint, specifically the file download functionality, until a patch is available. As a temporary workaround, avoid using the path parameter in the affected endpoint to minimize the risk of exploitation.

Exploit

Fix

Files Accessible to External Parties

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-552

Related Identifiers

CVE-2022-23316

Affected Products

Taocms

PT-2022-15923 · Taocms · Taocms

CVE-2022-23316

Weakness Enumeration

Related Identifiers

Affected Products

References · 4