VYPR

Vendor: TuziCMS

Products: 2
CVEs: 12
Across products: 13
Status: Private

Recent CVEs (12)

  • CVE-2022-46999 | Critical | Jan 26, 2023
    risk 0.64, CVSS 9.8, EPSS 0.01

    Tuzicms v2.0.6 was discovered to contain a SQL injection vulnerability via the component \App\Manage\Controller\UserController.class.php.

  • CVE-2022-23882 | Critical | Mar 28, 2022
    risk 0.64, CVSS 9.8, EPSS 0.01

    TuziCMS 2.0.6 is affected by SQL injection in \App\Manage\Controller\BannerController.class.php.

  • CVE-2022-26301 | Critical | Mar 24, 2022
    risk 0.64, CVSS 9.8, EPSS 0.01

    TuziCMS v2.0.6 was discovered to contain a SQL injection vulnerability via the component App\Manage\Controller\ZhuantiController.class.php.

  • CVE-2021-44349 | Critical | Dec 3, 2021
    risk 0.64, CVSS 9.8, EPSS 0.01

    SQL Injection vulnerability exists in TuziCMS v2.0.6 via the id parameter in App\Manage\Controller\DownloadController.class.php.

  • CVE-2021-44348 | Critical | Dec 3, 2021
    risk 0.64, CVSS 9.8, EPSS 0.01

    SQL Injection vulnerability exists in TuziCMS v2.0.6 via the id parameter in App\Manage\Controller\AdvertController.class.php.

  • CVE-2021-44347 | Critical | Dec 3, 2021
    risk 0.64, CVSS 9.8, EPSS 0.01

    SQL Injection vulnerability exists in TuziCMS v2.0.6 in App\Manage\Controller\GuestbookController.class.php.

  • CVE-2019-16644 | Critical | Sep 20, 2019
    risk 0.64, CVSS 9.8, EPSS 0.01

    App\Home\Controller\ZhuantiController.class.php in TuziCMS 2.0.6 has SQL injection via the index.php/Zhuanti/group?id= substring.

  • CVE-2019-16642 | Critical | Sep 20, 2019
    risk 0.64, CVSS 9.8, EPSS 0.02

    App\Mobile\Controller\ZhuantiController.class.php in TuziCMS 2.0.6 has SQL injection via the index.php/Mobile/Zhuanti/group?id= substring.

  • CVE-2018-10185 | High | Apr 17, 2018
    risk 0.57, CVSS 8.8, EPSS 0.01

    An issue was discovered in TuziCMS v2.0.6. There is a CSRF vulnerability that can add an admin account, as demonstrated by a history.pushState call.

  • CVE-2023-0244 | Medium | Jan 12, 2023
    risk 0.41, CVSS 6.3, EPSS 0.01

    A vulnerability classified as critical was found in TuziCMS 2.0.6. This vulnerability affects the function delall of the file \App\Manage\Controller\KefuController.class.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The…

  • CVE-2023-0243 | Medium | Jan 12, 2023
    risk 0.41, CVSS 6.3, EPSS 0.01

    A vulnerability classified as critical has been found in TuziCMS 2.0.6. This affects the function index of the file App\Manage\Controller\ArticleController.class.php of the component Article Module. The manipulation of the argument id leads to sql injection. It is possible to…

  • CVE-2019-16657 | Medium | Sep 21, 2019
    risk 0.40, CVSS 6.1, EPSS 0.01

    TuziCMS 2.0.6 has XSS via the PATH_INFO to a group URI, as demonstrated by index.php/article/group/id/2/.