taosir WTCMS Remote Code Execution Vulnerability

Vulnerability

A remote code execution vulnerability has been identified in taosir WTCMS versions prior to 01a5f68a3dfc2fdddb44eed967bb2d4f60487665. The issue arises in the 'fetch' function of 'index.php', where improper handling of the 'content' parameter allows for code injection. This vulnerability can be exploited remotely, without authentication.

Impact

Exploitation of this vulnerability allows for arbitrary PHP code execution on the server.

Reproduction

To reproduce this vulnerability, send a GET request to 'index.php' with the 'a' parameter set to 'fetch' and the 'content' parameter containing malicious PHP code. The injected code will be executed on the server.
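For detection, the request shape described above can be searched for in web server access logs. The following is an added example, not code from this advisory or from the WTCMS project: it assumes combined-format access logs, the function names and sample lines are constructed for illustration, and treating a PHP open tag in `content` as the high-severity marker is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Request line of a combined-format access log entry, e.g. "GET /x?y HTTP/1.1"
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation IPs, placeholder payloads).
SAMPLE_LINES = [
    '203.0.113.7 - - [30/Nov/2025:09:17:00 +0000] "GET /index.php?a=fetch&content=%3C%3Fphp+PLACEHOLDER%3B HTTP/1.1" 200 512',
    '203.0.113.7 - - [30/Nov/2025:09:17:05 +0000] "GET /index.php?A=Fetch&content=%253C%253Fphp%2520PLACEHOLDER HTTP/1.1" 200 512',
    '198.51.100.4 - - [30/Nov/2025:09:18:11 +0000] "GET /index.php?a=fetch&content=hello HTTP/1.1" 200 128',
    '198.51.100.4 - - [30/Nov/2025:09:18:12 +0000] "GET /index.php?a=index HTTP/1.1" 200 4096',
    '198.51.100.9 - - [30/Nov/2025:09:19:40 +0000] "GET /static/app.js HTTP/1.1" 200 900',
]

def fully_decode(value, max_rounds=3):
    """Undo repeated URL-encoding so double-encoded values are still inspected."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(log_line):
    """Return 'high', 'review' or None for one access-log line."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    # Assumption: index.php is also served for a bare directory path.
    if not url.path.lower().endswith(("index.php", "/")):
        return None
    query = parse_qs(url.query, keep_blank_values=True)
    params = {k.lower(): v for k, v in query.items()}
    if "fetch" not in [a.lower() for a in params.get("a", [])]:
        return None
    if "content" not in params:
        return None
    # Assumption: a PHP open tag in the decoded value marks an injection attempt.
    if any("<?" in fully_decode(v) for v in params["content"]):
        return "high"
    return "review"  # fetch with a content parameter still deserves a look

def scan(lines):
    """Return (severity, line) for every line that matched."""
    return [(sev, ln) for ln in lines if (sev := classify(ln))]
```

Because the issue is reachable without authentication, any `review` or `high` hit from an unexpected source address on an unpatched instance is worth correlating with file-system and process activity on the host.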

Added: Nov 30, 2025, 9:17 AM
Updated: Nov 30, 2025, 9:17 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 10.0
exploitability: 6.0
remediation: 0.0
relevance: 1.2
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.