PT-2025-48382 · Unknown · Taosir Wtcms

St1Tch · Published 2025-11-30 · Updated 2025-11-30 · CVE-2025-13782

CVSS v2.0: 7.5
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

taosir WTCMS versions prior to 01a5f68a3dfc2fdddb44eed967bb2d4f60487665

Description

A flaw exists in the delete function within the SlideController.class.php file of the SlideController component. Manipulation of the ids argument can lead to SQL injection. Remote exploitation is possible. The exploit is publicly available. The vendor was contacted but did not respond.

Recommendations

Versions prior to 01a5f68a3dfc2fdddb44eed967bb2d4f60487665 should be updated. As a temporary workaround, consider restricting access to the SlideController component or disabling the delete function until a patch is available.

Exploit

Fix

SQL injection

Special Elements Injection

Weakness Enumeration

Related Identifiers: CVE-2025-13782

Affected Products: Taosir Wtcms