Tuzicms Security Vulnerabilities - January
App\Mobile\Controller\ZhuantiController.class.php in TuziCMS 2.0.6 has SQL injection via the index.php/Mobile/Zhuanti/group?id= substring.
9.8CVSS
9.8AI Score
0.002EPSS
SQL Injection vulnerability exists in TuziCMS v2.0.6 in App\Manage\Controller\GuestbookController.class.php.
9.8CVSS
9.8AI Score
0.002EPSS
SQL Injection vulnerability exists in TuziCMS v2.0.6 via the id parameer in App\Manage\Controller\AdvertController.class.php.
9.8CVSS
9.8AI Score
0.001EPSS
SQL Injection vulnerability exists in TuziCMS v2.0.6 via the id parameter in App\Manage\Controller\DownloadController.class.php.
9.8CVSS
9.9AI Score
0.001EPSS
TuziCMS v2.0.6 was discovered to contain a SQL injection vulnerability via the component App\Manage\Controller\ZhuantiController.class.php.
9.8CVSS
9.7AI Score
0.002EPSS