PT-2022-15968 · Taocms · Taocms

Xuchaofan

Published

2022-03-01

Updated

2022-03-09

CVE-2022-23387

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions taocms version 3.0.2

Description The issue is a SQL blind injection that can obtain database data through the Comment Update field. This allows unauthorized access to database information.

Recommendations For taocms version 3.0.2, consider restricting access to the Comment Update field until a patch is available. As a temporary workaround, avoid using the Comment Update field to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2022-23387

Affected Products

Taocms

PT-2022-15968 · Taocms · Taocms

CVE-2022-23387

Weakness Enumeration

Related Identifiers

Affected Products

References · 6