TuziCMS (Rabbit CMS) is a PHP and MySQL based enterprise website content management system. SQL injection vulnerability exists in TuziCMS version v2.0.6, which originates from the id parameter in AppManageControllerAdvertController.class.php, and can be exploited by attackers to vulnerability can be exploited to obtain sensitive database information.