CVE-2021-44983 : In taocms 3.0.1 after logging in to the background, there is an Arbitrary file d

In taocms 3.0.1 after logging in to the background, there is an Arbitrary file download vulnerability at the File Management column.

Published 2022-02-04 14:15:08

Updated 2022-02-08 20:08:47

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2021-44983

Taogogo » Taocms » Version: 3.0.1
cpe:2.3:a:taogogo:taocms:3.0.1:*:*:*:*:*:*:*
Matching versions

EPSS FAQ

0.61%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 67 %

Percentile, the proportion of vulnerabilities that are scored at or less

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.0	MEDIUM	AV:N/AC:L/Au:S/C:P/I:N/A:N	8.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
4.9	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N	1.2	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None

CWE-552 Files or Directories Accessible to External Parties

The product makes files or directories accessible to unauthorized actors, even though they should not be.

Assigned by: nvd@nist.gov (Primary)

https://github.com/taogogo/taocms/issues/10

There is a Arbitrary file download attack at " File Management column"(administrator authority) · Issue #10 · taogogo/taocms · GitHub
Exploit;Third Party Advisory

Jump to