CVE-2025-13782 identifies a SQL injection vulnerability in the taosir WTCMS content management system, affecting versions up to commit 01a5f68a3dfc2fdddb44eed967bb2d4f60487665. The vulnerability exists in the delete function of the SlideController component (application/Admin/Controller/SlideController.class.php), where the 'ids' parameter is not properly sanitized before being used in SQL queries. This improper input validation allows an unauthenticated remote attacker to inject malicious SQL code, potentially manipulating the database to extract, modify, or delete data. The vulnerability does not require authentication or user interaction, making it easier to exploit remotely. The CVSS 4.0 base score is 6.9 (medium severity), reflecting the network attack vector, low complexity, no privileges or user interaction needed, and partial impact on confidentiality, integrity, and availability. The vendor follows a rolling release model, complicating version tracking and patching, and has not responded to vulnerability disclosure efforts. Although no active exploitation has been reported, a public exploit is available, increasing the likelihood of future attacks. This vulnerability poses a significant risk to organizations relying on taosir WTCMS for web content management, especially those hosting sensitive or critical data.

For European organizations, exploitation of this SQL injection vulnerability could lead to unauthorized access to sensitive data stored in the backend database, including user information, configuration settings, or proprietary content. Attackers could modify or delete data, causing data integrity issues and potential service disruptions. The ability to execute arbitrary SQL commands remotely without authentication increases the risk of widespread compromise, especially in public-facing web applications. This could result in reputational damage, regulatory penalties under GDPR for data breaches, and operational downtime. Organizations in sectors such as government, finance, healthcare, and media that rely on taosir WTCMS for content management are particularly vulnerable. The lack of vendor response and patch complicates timely remediation, increasing exposure duration. Additionally, the availability of a public exploit lowers the barrier for attackers, potentially leading to automated mass scanning and exploitation campaigns targeting European infrastructure.

European organizations using taosir WTCMS should immediately audit their installations to identify affected versions. Given the absence of an official patch, organizations should implement the following mitigations: 1) Apply manual input validation and sanitization on the 'ids' parameter in the SlideController delete function to prevent injection, using parameterized queries or prepared statements. 2) Restrict access to the administrative interface via network controls such as VPNs, IP whitelisting, or web application firewalls (WAFs) with SQL injection detection rules. 3) Monitor web server and application logs for suspicious requests targeting the delete function or unusual SQL errors. 4) Employ database activity monitoring to detect anomalous queries indicative of injection attempts. 5) Consider temporary disabling or restricting the delete functionality if feasible until a vendor patch is released. 6) Engage with the vendor or community to obtain updates or patches and subscribe to security advisories for taosir WTCMS. 7) Conduct regular backups of the CMS database to enable recovery in case of data tampering or loss. These targeted mitigations go beyond generic advice by focusing on the specific vulnerable component and attack vector.