CVE-2025-13783 identifies a SQL injection vulnerability in the taosir WTCMS content management system, specifically in the CommentadminController.class.php file within the check, uncheck, and delete functions. The vulnerability arises from improper sanitization or validation of the 'ids' parameter, which is used directly in SQL queries. This allows an unauthenticated remote attacker to inject arbitrary SQL commands, potentially leading to unauthorized data access, modification, or deletion. The vulnerability affects the WTCMS version identified by commit 01a5f68a3dfc2fdddb44eed967bb2d4f60487665, but due to the product's rolling release model, exact versioning is difficult to track. The vendor has not responded to disclosure attempts, and no official patch is available. Public exploit code has been released, increasing the likelihood of exploitation. The CVSS 4.0 base score is 5.3 (medium), reflecting network attack vector, low attack complexity, no privileges or user interaction required, and limited impact on confidentiality, integrity, and availability. The vulnerability does not require authentication or user interaction, making it easier to exploit remotely. The lack of supply chain or software composition transparency further complicates risk management. Organizations running taosir WTCMS with exposed comment administration interfaces are at risk of data breaches or service disruption through SQL injection attacks.

For European organizations, exploitation of this vulnerability could lead to unauthorized access to sensitive data stored in the CMS database, including user comments, administrative data, or other content managed via WTCMS. Attackers could manipulate or delete data, undermining data integrity and availability of web services. This could result in reputational damage, regulatory non-compliance (e.g., GDPR violations due to data breaches), and operational disruptions. Organizations relying on WTCMS for public-facing websites or community engagement platforms are particularly vulnerable. The public availability of exploit code increases the risk of automated attacks and widespread exploitation. Given the medium severity, the impact is significant but may be contained if the affected component is not exposed externally or if compensating controls exist. However, the lack of vendor response and patch availability increases the window of exposure. European entities in sectors such as media, education, or government using WTCMS may face targeted attacks aiming to deface websites or extract sensitive information.

1. Immediately implement strict input validation and sanitization on the 'ids' parameter in the CommentadminController functions to prevent SQL injection. 2. Deploy a Web Application Firewall (WAF) with rules specifically designed to detect and block SQL injection attempts targeting WTCMS comment administration endpoints. 3. Restrict access to the comment administration interface to trusted internal networks or via VPN to reduce exposure. 4. Monitor database logs and web server logs for unusual queries or access patterns indicative of exploitation attempts. 5. If possible, isolate the CMS database with least privilege principles to limit the impact of a successful injection. 6. Consider temporary disabling or restricting comment management features until a vendor patch or official fix is released. 7. Engage in active threat hunting for signs of compromise related to this vulnerability. 8. Maintain regular backups of CMS data to enable recovery in case of data tampering or deletion. 9. Follow up with the vendor or community for updates or patches and apply them promptly once available. 10. Educate administrators about the risks and signs of SQL injection exploitation.