CVE-2025-13783

6.3 MEDIUM

📋 TL;DR

This CVE describes a SQL injection vulnerability in taosir WTCMS's comment administration component. Attackers can remotely exploit this flaw by manipulating comment IDs to execute arbitrary SQL commands. All installations up to commit 01a5f68a3dfc2fdddb44eed967bb2d4f60487665 are affected.

💻 Affected Systems

Products:
  • taosir WTCMS
Versions: All versions up to commit 01a5f68a3dfc2fdddb44eed967bb2d4f60487665
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Rolling release model means specific version numbers are unavailable. All installations before the fix commit are vulnerable.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete database compromise leading to data theft, data manipulation, or full system takeover via SQL injection escalation.

🟠 Likely Case: Unauthorized data access, comment manipulation, or privilege escalation through SQL injection.

🟢 If Mitigated: Limited impact if proper input validation and parameterized queries are implemented.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit requires comment administration access. Public exploit code exists according to references.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch available. Vendor did not respond to disclosure. Consider migrating to alternative software or implementing workarounds.

🔧 Temporary Workarounds

Input Validation Filter

all

Add input validation to sanitize comment ID parameters before processing

# Modify application/Comment/Controller/CommentadminController.class.php
# Add parameter validation for 'ids' parameter before SQL execution

WAF Rule Implementation

all

Deploy web application firewall rules to block SQL injection patterns

# Example ModSecurity rule (ARGS covers both query-string and POST-body parameters, so phase:2 is required to see the request body):
SecRule ARGS:ids "@detectSQLi" "id:1001,phase:2,deny,status:403,log,msg:'SQLi pattern in WTCMS comment ids parameter'"

🧯 If You Can't Patch

  • Restrict access to comment administration interface to trusted IP addresses only
  • Implement database monitoring to detect unusual SQL query patterns

🔍 How to Verify

Check if Vulnerable:

Check whether the most recent commit touching application/Comment/Controller/CommentadminController.class.php is 01a5f68a3dfc2fdddb44eed967bb2d4f60487665 or earlier; if it is, the installation is vulnerable.

Check Version:

git log --oneline -1 application/Comment/Controller/CommentadminController.class.php

Verify Fix Applied:

Verify that input validation has been added to the 'ids' parameter handling in CommentadminController.class.php

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in database logs
  • Multiple comment administration requests with SQL-like patterns in 'ids' parameter

Network Indicators:

  • HTTP POST requests to comment administration endpoints with suspicious 'ids' parameter values

SIEM Query:

source="web_logs" AND uri="/comment/admin" AND (ids CONTAINS "'" OR ids CONTAINS "--" OR ids CONTAINS "SELECT")
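A runnable form of the detection logic above, added here as an example and not taken from the page or from WTCMS: it URL-decodes the 'ids' value before inspecting it and flags any value that is not a plain comma-separated integer list, which also catches percent-encoded payloads that a literal substring match for "'" or "--" would miss. The endpoint path, the log line format and the log lines themselves are constructed assumptions.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# Constructed sample access-log lines (not from the page or from WTCMS).
# Assumed format: "<client> <method> <path?query> <status>". The 'ids' value is
# placed in the query string so this example runs stand-alone; for real POST
# traffic the request body must be logged (e.g. by a WAF audit log).
SAMPLE_LOG = """\
10.0.0.5 POST /comment/admin/delete?ids=12,13,14 200
10.0.0.5 POST /comment/admin/delete?ids=12'%20OR%20'1'%3D'1 200
10.0.0.7 POST /comment/admin/delete?ids=1)%20UNION%20SELECT%201-- 500
10.0.0.9 GET /comment/list?page=2 200
10.0.0.5 POST /comment/admin/delete?ids=%2712%27 200
"""

# A legitimate 'ids' value is a comma-separated list of positive integers.
VALID_IDS = re.compile(r"^\d+(,\d+)*$")


def is_suspicious_ids(raw_value: str) -> bool:
    """True when the URL-decoded ids value is anything but an integer list."""
    decoded = unquote_plus(raw_value)  # decode once, as the application would
    return VALID_IDS.fullmatch(decoded) is None


def scan_log(log_text: str) -> list[dict]:
    """Flag comment-admin requests whose 'ids' parameter fails the allowlist."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # malformed or unexpected line; skip
        client, method, target, status = parts
        url = urlsplit(target)
        if not url.path.startswith("/comment/admin"):
            continue  # only the comment administration endpoint is in scope
        # Split the raw query ourselves so the value is decoded exactly once.
        for pair in url.query.split("&"):
            key, _, raw = pair.partition("=")
            if key == "ids" and is_suspicious_ids(raw):
                hits.append({"client": client, "method": method, "path": url.path,
                             "ids": unquote_plus(raw), "status": status})
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```

Three of the five constructed lines are flagged, including the fully percent-encoded one; a query that only searches for a literal quote or "--" in the raw log text would miss that last case.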

🔗 References