CVE-2025-5149

5.6 MEDIUM

📋 TL;DR

This CVE describes an improper authentication vulnerability in WCMS that allows attackers to bypass authentication mechanisms by manipulating the uid parameter in the getMemberByUid function. The vulnerability affects WCMS versions up to 8.3.11 and can be exploited remotely, potentially granting unauthorized access to administrative functions.

💻 Affected Systems

Products:
  • WCMS
Versions: up to 8.3.11
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the Login component via the /index.php?articleadmin/getallcon endpoint

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise through administrative access leading to data theft, defacement, or further privilege escalation.

🟠 Likely Case

Unauthorized access to administrative functions, potentially allowing content manipulation or user data exposure.

🟢 If Mitigated

Limited impact with proper network segmentation and authentication controls in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: HIGH

The exploit has been publicly disclosed, but exploitation appears difficult according to the vulnerability description.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch available. Consider upgrading to version 8.3.12 or later if released by vendor.

🔧 Temporary Workarounds

Block vulnerable endpoint

all

Restrict access to the vulnerable /index.php?articleadmin/getallcon endpoint

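# Example for Apache: RewriteRule only sees the URL path, so the query string is tested with RewriteCond
RewriteCond %{QUERY_STRING} (^|&)articleadmin/getallcon [NC]
RewriteRule ^/?index\.php$ - [F,L]
if ($args ~* "(^|&)articleadmin/getallcon") { return 403; }  # Example for Nginx (server context): location never matches the query string, so test $args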

Implement WAF rules

all

Add web application firewall rules to detect and block uid parameter manipulation

# ModSecurity rule example: SecRule ARGS:uid "@rx malicious_pattern" "id:1001,phase:2,deny"

🧯 If You Can't Patch

  • Implement strict network access controls to limit exposure of WCMS instances
  • Enable detailed authentication logging and monitor for suspicious uid parameter usage

🔍 How to Verify

Check if Vulnerable:

Check the WCMS version in the admin panel or configuration files. If the version is 8.3.11 or earlier, the system is vulnerable.

Check Version:

# Check version in WCMS admin panel or look for version information in configuration files

Verify Fix Applied:

Verify version is upgraded beyond 8.3.11 or test the vulnerable endpoint with proper security testing tools.

📡 Detection & Monitoring

Log Indicators:

  • Unusual uid parameter values in access logs
  • Multiple failed authentication attempts followed by successful access
  • Access to /index.php?articleadmin/getallcon with manipulated parameters

Network Indicators:

  • Unusual traffic patterns to the vulnerable endpoint
  • Requests with abnormal uid parameter values

SIEM Query:

source="web_access_logs" AND uri="*index.php?articleadmin/getallcon*" AND param.uid!="" AND param.uid!="normal_value"
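
The log indicators above, applied offline to web server access logs. This is an added example, not part of the advisory or of WCMS. It assumes common/combined log format, that uid arrives in the query string, and that legitimate uid values are short decimal ids; the sample log lines are constructed.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

ROUTE = "articleadmin/getallcon"           # endpoint named on this page
EXPECTED_UID = re.compile(r"[0-9]{1,10}")  # ASSUMPTION: legitimate uids are short decimal ids
# Common/combined access-log prefix: client, ident, user, [time], "METHOD target PROTO", status
REQUEST = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jun/2025:10:00:00 +0000] "GET /index.php?articleadmin/getallcon&uid=42 HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jun/2025:10:00:05 +0000] "GET /index.php?articleadmin%2Fgetallcon&uid=abc HTTP/1.1" 200 2048',
    '198.51.100.7 - - [01/Jun/2025:10:00:09 +0000] "GET /?articleadmin/getallcon&uid= HTTP/1.1" 200 2048',
    '192.0.2.10 - - [01/Jun/2025:10:01:00 +0000] "GET /index.php?article/view&id=3 HTTP/1.1" 200 900',
]


def scan(lines):
    """Count endpoint hits per client and list requests whose uid is not in the expected form."""
    report = {}
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue  # not a request line in the assumed format
        raw_query = urlsplit(m["target"]).query
        # Decode before matching so a percent-encoded route is not missed.
        if ROUTE not in unquote(raw_query).lower():
            continue
        entry = report.setdefault(m["ip"], {"hits": 0, "flagged": []})
        entry["hits"] += 1
        # keep_blank_values=True so an empty uid is reported instead of silently dropped.
        for uid in parse_qs(raw_query, keep_blank_values=True).get("uid", []):
            if not EXPECTED_UID.fullmatch(uid):
                entry["flagged"].append((uid, int(m["status"])))
    return report


if __name__ == "__main__":
    for ip, entry in scan(SAMPLE_LOG).items():
        print(ip, "hits:", entry["hits"], "flagged:", entry["flagged"])
```

Matching on the decoded query string rather than the path also covers requests that reach index.php through the directory index.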
