CVE-2021-46203: arbitrary file read vulnerability · Issue #13 · taogogo/taocms
Taocms v3.0.2 contains an arbitrary file read vulnerability via the path parameter of the file manager's download function (include/File.php).
PoC
After logging in as admin, open the file manager and use the download function.
Changing the path parameter to a directory traversal sequence reads an arbitrary file.
Analysis
Location: include/File.php
A ../ sequence in the path parameter traverses to the parent directory, so the download is not confined to the intended directory.
Suggested fix
Validate the path parameter, for example check whether it contains ..,
and refuse the request if it does.
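The following is an added example for this issue, not taocms's own code: it shows the pattern described above (a request-controlled path joined to a base directory and served) beside a hardened version. A plain substring check for ".." rejects the PoC but also rejects legitimate names such as notes..txt and does nothing about symlinks pointing outside the tree, so the hardened form resolves the path with realpath() and requires the result to stay under the base directory. The function names, the base directory layout and the sample paths are assumptions made for illustration.

```php
<?php
// Added example, not code from taocms. Function names, $baseDir layout and
// the demonstration paths are assumptions for illustration.

// Pattern the advisory describes: the path parameter is appended to a base
// directory and the result is served, so "../" escapes the intended tree.
function downloadVulnerable(string $baseDir, string $path): string|false
{
    return file_get_contents($baseDir . '/' . $path);
}

// Hardened form: canonicalise both sides and require the resolved target to
// sit beneath the base directory. This covers "../" sequences, symlinks that
// point outside, and mixed separators, which strpos($path, '..') alone does not.
function resolveInside(string $baseDir, string $path): ?string
{
    // Reject NUL bytes before touching the filesystem.
    if (strpos($path, "\0") !== false) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    $target = realpath($base . DIRECTORY_SEPARATOR . $path);
    if ($target === false) {
        return null; // does not exist, or cannot be resolved
    }
    // Compare against base plus separator so "/srv/files2" is not accepted
    // as being inside "/srv/files".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $target;
}

// Returns the file contents, or null when the request must be refused
// (the caller would then send a 403 instead of the file).
function downloadHardened(string $baseDir, string $path): ?string
{
    $target = resolveInside($baseDir, $path);
    if ($target === null || !is_file($target)) {
        return null;
    }
    $data = file_get_contents($target);
    return $data === false ? null : $data;
}

// Demonstration against a temporary tree constructed here for the example.
$root = sys_get_temp_dir() . '/traversal_demo_' . getmypid();
mkdir($root . '/files', 0700, true);
file_put_contents($root . '/files/ok.txt', "inside\n");
file_put_contents($root . '/secret.txt', "outside\n");

foreach (['ok.txt', '../secret.txt', 'sub/../../secret.txt'] as $p) {
    $allowed = downloadHardened($root . '/files', $p);
    printf("%-24s vulnerable=%s hardened=%s\n",
        $p,
        downloadVulnerable($root . '/files', $p) === false ? 'refused' : 'served',
        $allowed === null ? 'refused' : 'served');
}

// Clean up the constructed tree.
unlink($root . '/files/ok.txt');
unlink($root . '/secret.txt');
rmdir($root . '/files');
rmdir($root);
```

The vulnerable function serves ../secret.txt because file_get_contents follows the traversal; the hardened one refuses it because the resolved path no longer starts with the base directory prefix. Note that realpath() only resolves paths that exist, so the check must run on the final target, not on a partially built path.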