CVE-2024-33350

Name of the Vulnerable Software and Affected Versions TaoCMS version 3.0.2

Description A Directory Traversal issue allows a remote attacker to execute arbitrary code and obtain sensitive information via the include/model/file.php component.

Recommendations For TaoCMS version 3.0.2, consider restricting access to the include/model/file.php component until a patch is available. As a temporary workaround, avoid using the file.php component in the include/model directory to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.