Skip to main content

Tuzicms

13 CVEs product

Monthly

CVE-2023-0244 CRITICAL POC Act Now

A vulnerability classified as critical was found in TuziCMS 2.0.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Tuzicms
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-0243 CRITICAL POC Act Now

A vulnerability classified as critical has been found in TuziCMS 2.0.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Tuzicms
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-23882 CRITICAL POC Act Now

TuziCMS 2.0.6 is affected by SQL injection in \App\Manage\Controller\BannerController.class.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Tuzicms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-26301 CRITICAL POC Act Now

TuziCMS v2.0.6 was discovered to contain a SQL injection vulnerability via the component App\Manage\Controller\ZhuantiController.class.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Tuzicms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-44349 CRITICAL Act Now

SQL Injection vulnerability exists in TuziCMS v2.0.6 via the id parameter in App\Manage\Controller\DownloadController.class.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Tuzicms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-44348 CRITICAL Act Now

SQL Injection vulnerability exists in TuziCMS v2.0.6 via the id parameer in App\Manage\Controller\AdvertController.class.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Tuzicms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-44347 CRITICAL POC Act Now

SQL Injection vulnerability exists in TuziCMS v2.0.6 in App\Manage\Controller\GuestbookController.class.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Tuzicms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2019-16659 HIGH POC This Week

TuziCMS 2.0.6 has index.php/manage/link/do_add CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Tuzicms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2019-16658 HIGH POC This Week

TuziCMS 2.0.6 has index.php/manage/notice/do_add CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Tuzicms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2019-16657 MEDIUM POC This Month

TuziCMS 2.0.6 has XSS via the PATH_INFO to a group URI, as demonstrated by index.php/article/group/id/2/. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Tuzicms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2019-16644 CRITICAL POC Act Now

App\Home\Controller\ZhuantiController.class.php in TuziCMS 2.0.6 has SQL injection via the index.php/Zhuanti/group?id= substring. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Tuzicms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2019-16642 CRITICAL POC Act Now

App\Mobile\Controller\ZhuantiController.class.php in TuziCMS 2.0.6 has SQL injection via the index.php/Mobile/Zhuanti/group?id= substring. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Tuzicms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2018-10185 HIGH POC This Week

An issue was discovered in TuziCMS v2.0.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Tuzicms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

A vulnerability classified as critical was found in TuziCMS 2.0.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Tuzicms
NVD GitHub VulDB
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

A vulnerability classified as critical has been found in TuziCMS 2.0.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Tuzicms
NVD GitHub VulDB
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

TuziCMS 2.0.6 is affected by SQL injection in \App\Manage\Controller\BannerController.class.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Tuzicms
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

TuziCMS v2.0.6 was discovered to contain a SQL injection vulnerability via the component App\Manage\Controller\ZhuantiController.class.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Tuzicms
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

SQL Injection vulnerability exists in TuziCMS v2.0.6 via the id parameter in App\Manage\Controller\DownloadController.class.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Tuzicms
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

SQL Injection vulnerability exists in TuziCMS v2.0.6 via the id parameer in App\Manage\Controller\AdvertController.class.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Tuzicms
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

SQL Injection vulnerability exists in TuziCMS v2.0.6 in App\Manage\Controller\GuestbookController.class.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Tuzicms
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

TuziCMS 2.0.6 has index.php/manage/link/do_add CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Tuzicms
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

TuziCMS 2.0.6 has index.php/manage/notice/do_add CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Tuzicms
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC This Month

TuziCMS 2.0.6 has XSS via the PATH_INFO to a group URI, as demonstrated by index.php/article/group/id/2/. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Tuzicms
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

App\Home\Controller\ZhuantiController.class.php in TuziCMS 2.0.6 has SQL injection via the index.php/Zhuanti/group?id= substring. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Tuzicms
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

App\Mobile\Controller\ZhuantiController.class.php in TuziCMS 2.0.6 has SQL injection via the index.php/Mobile/Zhuanti/group?id= substring. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Tuzicms
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

An issue was discovered in TuziCMS v2.0.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Tuzicms
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy