yeyinshi/tuzicms

GitHub

github.com

www.tuzicms.com

Releases0

Stars9

TuziCMS（兔子cms）是基于ThinkPHP3.2框架开发的企业网站管理系统，提供更方便、更安全的WEB应用开发体验，国内PHP+MYSQL 开源建站程序，它具有操作简单、功能强大、稳定性好、扩展性强，二次开发及后期维护方便，可以帮您快速构建起一个强大专业的企业网站。交流官方QQ群：383851010

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2023-0244 ↗	Jan 12, 2023Thursday, 12 January 2023, 15:15	6.3 MEDIUM	6.5 MEDIUM
A vulnerability classified as critical was found in TuziCMS 2.0.6. This vulnerability affects the function delall of the file \App\Manage\Controller\KefuController.class.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-218152.
CVE-2023-0243 ↗	Jan 12, 2023Thursday, 12 January 2023, 15:15	6.3 MEDIUM	6.5 MEDIUM
A vulnerability classified as critical has been found in TuziCMS 2.0.6. This affects the function index of the file App\Manage\Controller\ArticleController.class.php of the component Article Module. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-218151.
CVE-2022-23882 ↗	Mar 28, 2022Monday, 28 March 2022, 12:15	9.8 CRITICAL	7.5 HIGH
TuziCMS 2.0.6 is affected by SQL injection in \App\Manage\Controller\BannerController.class.php.
CVE-2022-26301 ↗	Mar 24, 2022Thursday, 24 March 2022, 22:15	9.8 CRITICAL	7.5 HIGH
TuziCMS v2.0.6 was discovered to contain a SQL injection vulnerability via the component App\Manage\Controller\ZhuantiController.class.php.
CVE-2021-44349 ↗	Dec 3, 2021Friday, 3 December 2021, 20:15	9.8 CRITICAL	7.5 HIGH
SQL Injection vulnerability exists in TuziCMS v2.0.6 via the id parameter in App\Manage\Controller\DownloadController.class.php.
CVE-2021-44348 ↗	Dec 3, 2021Friday, 3 December 2021, 20:15	9.8 CRITICAL	7.5 HIGH
SQL Injection vulnerability exists in TuziCMS v2.0.6 via the id parameer in App\Manage\Controller\AdvertController.class.php.
CVE-2021-44347 ↗	Dec 3, 2021Friday, 3 December 2021, 19:15	9.8 CRITICAL	7.5 HIGH
SQL Injection vulnerability exists in TuziCMS v2.0.6 in App\Manage\Controller\GuestbookController.class.php.
CVE-2019-16659 ↗	Sep 21, 2019Saturday, 21 September 2019, 18:15	8.8 HIGH	6.8 MEDIUM
TuziCMS 2.0.6 has index.php/manage/link/do_add CSRF.
CVE-2019-16658 ↗	Sep 21, 2019Saturday, 21 September 2019, 18:15	8.8 HIGH	6.8 MEDIUM
TuziCMS 2.0.6 has index.php/manage/notice/do_add CSRF.
CVE-2019-16657 ↗	Sep 21, 2019Saturday, 21 September 2019, 18:15	6.1 MEDIUM	4.3 MEDIUM
TuziCMS 2.0.6 has XSS via the PATH_INFO to a group URI, as demonstrated by index.php/article/group/id/2/.
CVE-2019-16644 ↗	Sep 20, 2019Friday, 20 September 2019, 16:15	9.8 CRITICAL	7.5 HIGH
App\Home\Controller\ZhuantiController.class.php in TuziCMS 2.0.6 has SQL injection via the index.php/Zhuanti/group?id= substring.
CVE-2019-16642 ↗	Sep 20, 2019Friday, 20 September 2019, 15:15	9.8 CRITICAL	7.5 HIGH
App\Mobile\Controller\ZhuantiController.class.php in TuziCMS 2.0.6 has SQL injection via the index.php/Mobile/Zhuanti/group?id= substring.
CVE-2018-10185 ↗	Apr 17, 2018Tuesday, 17 April 2018, 19:29	—	6.8 MEDIUM
An issue was discovered in TuziCMS v2.0.6. There is a CSRF vulnerability that can add an admin account, as demonstrated by a history.pushState call.