CVE-2025-13782 | taosir WTCMS up to 01a5f68a3dfc2fdddb44eed967bb2d4f60487665 SlideController SlideController.class.php delete ids sql injection

A vulnerability marked as critical has been reported in taosir WTCMS up to 01a5f68a3dfc2fdddb44eed967bb2d4f60487665. Affected by this issue is the function delete of the file application/Admin/Controller/SlideController.class.php of the component SlideController. The manipulation of the argument ids leads to sql injection.

This vulnerability is referenced as CVE-2025-13782. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More