CVE-2025-3799

7.3 HIGH

📋 TL;DR

This high-severity SQL injection vulnerability in WCMS 11 allows remote attackers to execute arbitrary SQL commands by manipulating the email/username parameters handled in AnonymousController.php. Attackers can potentially read, modify, or delete database content. All WCMS 11 installations using the affected component are vulnerable.

💻 Affected Systems

Products:
  • WCMS
Versions: Version 11
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the AnonymousController.php component, which handles authentication/registration functions.

⚠️ Risk & Real-World Impact

🔴 Worst Case
Complete database compromise leading to data theft, data destruction, authentication bypass, and potential remote code execution via database functions.

🟠 Likely Case
Unauthorized data access, user account compromise, and potential privilege escalation within the application.

🟢 If Mitigated
Limited impact with proper input validation, parameterized queries, and database permission restrictions in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit details are publicly available, and SQL injection vulnerabilities are commonly weaponized.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch is available. Check the vendor website for updates or apply the workarounds below.

🔧 Temporary Workarounds

Input Validation Filter (applies to: all)
  • Add strict input validation for the email/username parameters to reject SQL special characters.
  • Modify app/controllers/AnonymousController.php to validate inputs before processing.

WAF Rule Implementation (applies to: all)
  • Deploy web application firewall rules to block SQL injection patterns.
  • Add WAF rules to detect and block SQL injection attempts in the email/username parameters.

🧯 If You Can't Patch

  • Implement network segmentation to isolate WCMS from critical databases
  • Enable detailed SQL query logging and monitor for suspicious patterns

🔍 How to Verify

Check if Vulnerable:

Test email/username parameters with SQL injection payloads like ' OR '1'='1

Check Version:

Check WCMS version in admin panel or configuration files

Verify Fix Applied:

Test with the same payloads after applying fixes; the application should return validation errors instead of executing SQL.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL errors in application logs
  • Multiple failed login attempts with SQL patterns

Network Indicators:

  • HTTP requests containing SQL keywords in email/username parameters

SIEM Query:

web_requests WHERE url_parameters CONTAINS 'OR' AND url_parameters CONTAINS '1=1'
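The SIEM query above matches the bare substrings OR and 1=1 anywhere in the URL parameters, which also fires on ordinary values. The following added detection example (not part of this advisory or of WCMS) applies the pattern only to the URL-decoded values of the email/username parameters named in the advisory; the log line format, the client IP addresses and the sample requests are constructed.

```python
# Added detection example for this advisory (not WCMS code). Log format is
# constructed: <timestamp> <client_ip> "<METHOD> <path?query>" <status>
import re
from urllib.parse import parse_qs, urlsplit

# Parameters the advisory names as the injection points in AnonymousController.php
WATCHED_PARAMS = {"email", "username"}
# Matched only inside the URL-decoded values of the watched parameters, so a benign
# address such as victor@example.com does not trip a bare "OR" substring check.
SQLI_PATTERN = re.compile(r"""
    ['"]\s*(or|and)\b                           # quote followed by OR/AND
  | \b(or|and)\s+\d+\s*=\s*\d+                  # OR 1=1 tautology
  | --\s*$                                      # trailing SQL line comment
  | /\*                                         # block comment
  | ;\s*(drop|delete|update|insert|select)\b    # stacked query
  | \bunion\s+select\b
""", re.IGNORECASE | re.VERBOSE)

LOG_LINE = re.compile(r'^(\S+) (\S+) "(\w+) (\S+)" (\d{3})$')

def flag_request(line):
    """Return (param, value) for the first suspicious watched parameter, else None."""
    m = LOG_LINE.match(line)
    if not m:
        return None
    query = urlsplit(m.group(4)).query
    for param, values in parse_qs(query, keep_blank_values=True).items():
        if param.lower() not in WATCHED_PARAMS:
            continue
        for value in values:  # parse_qs has already URL-decoded the value
            if SQLI_PATTERN.search(value):
                return param, value
    return None

def scan_log(lines):
    """Return (client_ip, param, value) for every flagged request in the log."""
    hits = []
    for line in lines:
        found = flag_request(line)
        if found:
            hits.append((LOG_LINE.match(line).group(2), *found))
    return hits

# Constructed sample log: two benign requests, then two injection attempts.
SAMPLE_LOG = [
    '2025-04-20T10:00:01Z 198.51.100.7 "POST /login?email=victor%40example.com&password=x" 200',
    '2025-04-20T10:00:02Z 198.51.100.8 "GET /search?q=1%3D1+tutorial" 200',
    '2025-04-20T10:00:03Z 203.0.113.5 "POST /login?email=%27+OR+%271%27%3D%271&password=x" 500',
    '2025-04-20T10:00:04Z 203.0.113.5 "POST /register?username=admin%27--&email=a%40b.test" 500',
]
```

Running `scan_log(SAMPLE_LOG)` flags only the two requests from 203.0.113.5; the address containing the substring "or" and the search query containing 1=1 outside the watched parameters are not reported.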
