Taosir WTCMS SQL Injection Vulnerability in CommentadminController

A critical SQL injection vulnerability has been identified in Taosir WTCMS versions prior to 01a5f68a3dfc2fdddb44eed967bb2d4f60487665. The vulnerability exists in the CommentadminController class, specifically within the check, uncheck, and delete functions. The issue arises from improper handling of the 'ids' parameter, allowing remote attackers to execute arbitrary SQL commands by exploiting the application's SQL query construction. This vulnerability has been publicly disclosed and is accompanied by a proof-of-concept exploit.

Impact

Exploitation of this vulnerability allows for arbitrary SQL command execution on the application's database, potentially leading to data manipulation or disclosure.

Reproduction

To reproduce this vulnerability, log into the application and navigate to the CommentadminController functions that handle the 'ids' parameter. The SQL injection can be executed by sending crafted POST requests that manipulate the 'ids' parameter, bypassing any expected input validation. This vulnerability can also be exploited using automated tools like SQLMap.