HIGHCVE-2025-13786CVSS 7.3

CVE-2025-13786: Code Injection in WTCMS

Platform

php

Component

cve-report

AI Confidence: highNVDEPSS 0.1%Reviewed: May 2026

CVE-2025-13786 represents a code injection vulnerability discovered in WTCMS, affecting versions up to 01a5f68a3dfc2fdddb44eed967bb2d4f60487665. Attackers can exploit this flaw by manipulating the 'content' argument within the /index.php fetch function, leading to potential remote code execution. Due to the product's rolling release model, specific fixed versions are not available, requiring alternative mitigation strategies.

Impact and Attack Scenarios

The impact of CVE-2025-13786 is significant due to the ease of remote exploitation and the potential for complete system compromise. An attacker could inject arbitrary code through the manipulated 'content' argument, gaining control over the WTCMS server. This could lead to data breaches, defacement of the website, installation of malware, or even pivoting to other systems on the network. The availability of a public exploit dramatically increases the risk, as it lowers the barrier to entry for malicious actors. The lack of a fixed version amplifies the urgency of implementing immediate mitigations.

Exploitation Context

This vulnerability is actively being exploited, as evidenced by the public availability of a proof-of-concept. The vendor has been notified but has not responded, increasing the risk. While not yet listed on CISA KEV, the public exploit and high severity warrant close monitoring. The exploit's simplicity suggests a high probability of widespread exploitation if left unaddressed.

Threat Intelligence

Exploit Status

Proof of ConceptUnknown

CISA KEVNO

Internet ExposureHigh

EPSS

0.06% (19% percentile)

CISA SSVC

Exploitationpoc

Automatableyes

Technical Impactpartial

CVSS Vector

Affected Software

Componentcve-report

Vendortaosir

Affected rangeFixed in

01a5f68a3dfc2fdddb44eed967bb2d4f60487665 – 01a5f68a3dfc2fdddb44eed967bb2d4f60487665—

Weakness Classification (CWE)

CWE-94 CWE-74

Timeline

Reserved2025-11-29
Published2025-11-30
Modified2025-12-01
EPSS updated2026-03-23

Unpatched — 175 days since disclosure

Mitigation and Workarounds

Given the absence of a fixed version for WTCMS, immediate mitigation is crucial. Implement strict input validation on the 'content' argument within the /index.php fetch function to prevent malicious code from being injected. Deploy a Web Application Firewall (WAF) with rules to detect and block attempts to manipulate this parameter. Consider temporarily disabling the vulnerable /index.php endpoint if feasible. Regularly monitor server logs for suspicious activity related to the /index.php endpoint. After implementing these mitigations, verify their effectiveness by attempting to reproduce the vulnerability with a safe test payload.

How to fix

Actualice WTCMS a la última versión disponible. Si no hay actualizaciones disponibles, considere deshabilitar o eliminar el componente hasta que se publique una solución. Consulte con el proveedor para obtener más información sobre la disponibilidad de parches.

CVE Security Newsletter

Vulnerability analysis and critical alerts directly to your inbox.

Frequently asked questions

What is CVE-2025-13786 — Code Injection in WTCMS?

CVE-2025-13786 is a code injection vulnerability in WTCMS versions up to 01a5f68a3dfc2fdddb44eed967bb2d4f60487665, allowing attackers to execute arbitrary code remotely.

Am I affected by CVE-2025-13786 in WTCMS?

If you are using WTCMS version 01a5f68a3dfc2fdddb44eed967bb2d4f60487665 or earlier, you are potentially affected by this vulnerability.

How do I fix CVE-2025-13786 in WTCMS?

Due to the rolling release model, a fixed version is not currently available. Implement input validation and WAF rules as immediate mitigations.

Is CVE-2025-13786 being actively exploited?

Yes, a public exploit exists, indicating active exploitation is likely occurring.

Where can I find the official WTCMS advisory for CVE-2025-13786?

The vendor has not released an official advisory at this time.