CVE-2022-48006

Name of the Vulnerable Software and Affected Versions taocms version 3.0.2

Description The issue allows attackers to execute arbitrary code via a crafted PHP file. This is exploited through manipulation of the upext variable at the "/include/Model/Upload.php" endpoint.

Recommendations For taocms version 3.0.2, consider disabling the file upload functionality until a patch is available to prevent exploitation. Restrict access to the "/include/Model/Upload.php" endpoint to minimize the risk of arbitrary code execution. Avoid using the upext variable in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.