CVE-2025-3800 | WCMS 11 AnonymousController.php mobile_phone sql injection

A vulnerability has been found in WCMS 11 and classified as critical. Affected by this vulnerability is an unknown functionality of the file app/controllers/AnonymousController.php. The manipulation of the argument mobile_phone leads to sql injection.

This vulnerability is known as CVE-2025-3800. The attack can be launched remotely. Furthermore, there is an exploit available.

Other parameters might be affected as well.VulDB Recent EntriesRead More