Evilmu1

**Name of the Vulnerable Software and Affected Versions** TuziCMS version 2.0.6 **Description** A critical issue has been found in the Article Module of TuziCMS, specifically affecting the `index` function of the `ArticleController.class.php` file. The manipulation of the `id` argument leads to SQL injection, allowing for remote attacks. The issue has been publicly disclosed and may be exploited. **Recommendations** For TuziCMS version 2.0.6, as a temporary workaround, consider restricting access to the `ArticleController.class.php` file or disabling the `index` function to minimize the risk of exploitation. Avoid using the `id` argument in the affected module until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** TuziCMS version 2.0.6 **Description** A critical vulnerability was found in TuziCMS, affecting the `delall` function of the file `AppManageControllerKefuController.class.php`. The manipulation of the `id` argument leads to SQL injection. The attack can be initiated remotely. **Recommendations** For TuziCMS version 2.0.6, consider disabling the `delall` function of the `KefuController.class.php` file until a patch is available. Restrict access to the vulnerable `id` argument to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Online Flight Booking Management System (affected versions not specified) **Description** A critical issue has been found in the SourceCodester Online Flight Booking Management System, affecting the file add contestant.php. The manipulation of the `add contestant` argument leads to SQL injection. The attack can be initiated remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.