DuxCMS v3.1.3 exists to contain a SQL injection vulnerability via the component s/tools/SendTpl/index?keyword=.
duxcms project duxcms 3.1.3