Description
DuxCMS v3.1.3 was discovered to contain a SQL injection vulnerability via the component s/tools/SendTpl/index?keyword=.
References (2)
Core 2
Core References
Permissions Required, Third Party Advisory x_refsource_misc
https://www.star123.top/2021/01/16/duxcms3-1-3%E5%AE%A1%E8%AE%A1/
Exploit, Issue Tracking, Third Party Advisory x_refsource_misc
https://github.com/duxphp/DuxCMS3/issues/4
Scores
CVSS v3
9.8
EPSS
0.0024
EPSS Percentile
47.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-89
Status
published
Products (1)
duxcms_project/duxcms
3.1.3
Published
Feb 16, 2022
Tracked Since
Feb 18, 2026