CNNVD-202511-3065 Information

Nov 30, 2025 cve

CNNVD ID

CNNVD-202511-3065

CVE-2025-13786

  • CNNVD Published: 2025-11-30

Description (Chinese)

wtcms是Taosir个人开发者的一套基于ThinkPHP的内容管理系统(CMS)。 wtcms存在代码注入漏洞,该漏洞源于对文件/index.php中参数content的错误操作,可能导致代码注入。

Description (English)

wtcms is a ThinkPHP-based content management system (CMS) for Taosir personal developers. wtcms has a code-infusion loophole, which results from an error in the parameter content in the file/index.php, which may result in a code-injection.

Hazard Level

Medium

Vulnerability Type

代码注入

Affected Vendor

个人开发者

Published

2025-11-30

Last Modified

2026-02-24

References

https://github.com/TiKi-r/CVE-Report/blob/main/WtcmsRCE.md#3-proof-of-concept-poc https://vuldb.com/?id.333790 https://vuldb.com/?submit.689523 https://vuldb.com/?ctiid.333790 https://access.redhat.com/security/cve/cve-2025-13786

Share on: