CVE-2019-16642

Name of the Vulnerable Software and Affected Versions TuziCMS version 2.0.6

Description The issue concerns SQL injection in TuziCMS. Specifically, it affects the index.php/Mobile/Zhuanti/group?id= endpoint, where the id parameter is vulnerable to SQL injection attacks. This could potentially allow attackers to manipulate database queries.

Recommendations For TuziCMS version 2.0.6, as a temporary workaround, consider restricting access to the index.php/Mobile/Zhuanti/group?id= endpoint until a patch is available. Avoid using the id parameter in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.