CVE-2025-13782

7.3 HIGH

📋 TL;DR

This CVE describes an SQL injection vulnerability in taosir WTCMS's SlideController component. Attackers can exploit this to execute arbitrary SQL commands on the database. All installations up to commit 01a5f68a3dfc2fdddb44eed967bb2d4f60487665 are affected.

💻 Affected Systems

Products:
  • taosir WTCMS
Versions: All versions up to commit 01a5f68a3dfc2fdddb44eed967bb2d4f60487665
Operating Systems: All platforms running PHP
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the SlideController component specifically. Rolling release model means no specific version numbers provided.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise, including data theft, modification or deletion, and potential server takeover if the injection can be extended beyond the database.

🟠 Likely Case

Unauthorized data access, modification of slide content, and potential privilege escalation within the application.

🟢 If Mitigated

Limited impact where input validation is in place and database permissions restrict what an injected query can do.

🌐 Internet-Facing: HIGH - Remote exploitation is possible and a public exploit exists.
🏢 Internal Only: MEDIUM - Internal attackers could still exploit it, but the external threat is higher.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires access to the SlideController delete function (part of the Admin panel). Public references indicate that exploit details are available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown - vendor did not respond to disclosure

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch is available. Consider migrating to an alternative CMS or implementing a custom fix.

🔧 Temporary Workarounds

Input Validation Filter (applies to: all platforms)

Add parameter validation to the delete function in SlideController.class.php: edit application/Admin/Controller/SlideController.class.php and validate the 'ids' parameter so that only integer id values ever reach the query.
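A strict validator for the 'ids' parameter together with a parameterized delete, as an added example of the workaround above (it is not WTCMS's own code). It assumes a table named slide with an integer primary key id and uses plain PDO rather than the framework's query builder; the real table name and request handling in WTCMS may differ.

```php
<?php
// Added example, not WTCMS code. Assumed schema: table `slide`, integer key `id`.

/**
 * Accept "3", "3,7,12" or an array of such values and return a list of
 * positive integers. Anything else (quotes, spaces, SQL keywords, empty
 * values, oversized lists) is rejected with an exception.
 */
function parseSlideIds($raw, int $maxIds = 100): array
{
    $items = is_array($raw) ? $raw : explode(',', (string) $raw);
    if (count($items) === 0 || count($items) > $maxIds) {
        throw new InvalidArgumentException('bad id count');
    }
    $ids = [];
    foreach ($items as $item) {
        if (!is_string($item) && !is_int($item)) {
            throw new InvalidArgumentException('bad id type');
        }
        $s = (string) $item;
        // Only an unsigned decimal integer literal passes; "1 OR 1=1",
        // "1;DROP TABLE x" and "0x41" all fail here.
        if (!preg_match('/^[1-9][0-9]{0,9}\z/', $s)) {
            throw new InvalidArgumentException('bad id: ' . $s);
        }
        $ids[] = (int) $s;
    }
    return array_values(array_unique($ids));
}

/**
 * Delete slides by id. The ids never become part of the SQL text: one "?"
 * placeholder per id, and the values are bound, so the driver treats them
 * strictly as data.
 */
function deleteSlides(PDO $db, $rawIds): int
{
    $ids = parseSlideIds($rawIds);
    $placeholders = implode(',', array_fill(0, count($ids), '?'));
    $stmt = $db->prepare("DELETE FROM slide WHERE id IN ($placeholders)");
    $stmt->execute($ids);
    return $stmt->rowCount();
}

// Constructed check of the validator alone (no database needed):
var_dump(parseSlideIds('3,7,12'));
try {
    parseSlideIds('1 OR 1=1');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

In the controller, call deleteSlides() with the raw request value and return an error response when it throws, instead of concatenating the value into the query.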

WAF Rule (applies to: all platforms)

Implement web application firewall rules that detect and block SQL injection patterns in POST parameters sent to the SlideController endpoints.

🧯 If You Can't Patch

  • Restrict access to the Admin panel to trusted IP addresses only
  • Run the application with a database user that has minimal permissions (read-only where possible)

🔍 How to Verify

Check if Vulnerable:

Check if your installation is at or before commit 01a5f68a3dfc2fdddb44eed967bb2d4f60487665

Check Version:

git log --oneline -1

Verify Fix Applied:

Test the SlideController delete function, in a test environment, with SQL injection payloads to confirm they are rejected

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in database logs
  • Multiple delete requests to SlideController with suspicious parameters

Network Indicators:

  • POST requests to */Admin/Controller/SlideController with SQL injection patterns in parameters

SIEM Query:

source="web_logs" AND uri="*SlideController*" AND (param="*UNION*" OR param="*SELECT*" OR param="*INSERT*" OR param="*DELETE*")
