CVE advisoryCRITICAL
CVE-2022-36262
TaoCMS Arbitrary PHP Code Injection in Website Settings.
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
A critical vulnerability in taocms website settings allows unauthenticated attackers to inject and execute arbitrary PHP code by modifying the `config.php` file, potentially leading to server compromise. It is uncertain if your organization uses taocms, which is a content management system.