Critical Vulnerability Information

Vulnerability Title: wtcms cms 1.0 SQL Injection

Description: A critical SQL injection vulnerability exists in the function of the class in . This vulnerability arises from insufficient neutralization of the parameter within SQL commands. The code directly concatenates user-supplied input from the array into SQL queries without employing parameterized queries or proper sanitization, enabling attackers to execute arbitrary SQL commands on the underlying database.

Source: https://www.yuque.com/shangu-vvuup/ydpg69/mllybdhd2gevo0phu?singleDoc#《SQL Injection Vulnerability in WTCMS 1.0》

Submitter: sT1TcH (UID 91291)

Submission Date: November 4, 2025, at 2:25 PM (30 days prior)

Review Date: November 29, 2025, at 1:55 AM (25 days later)

Status: Duplicate

VulDB Entry: 333787 [taosir WTCMS up to 01a5f68a3dfc2fdddb44eed967bb2d4f60487665 CommentadminController CommentadminController.class.php check/uncheck/delete ids sql injection]

Points: 0
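
The concatenation pattern named in the Description, next to a validated and parameterized form, as an added example that is not WTCMS code and is not taken from the linked report. The `comments` table, its columns, the function names and the in-memory SQLite database are assumptions made for illustration.

```php
<?php
// Added example. Table, column and function names are hypothetical, not WTCMS code.

// The pattern the description names: request values joined straight into SQL.
// Kept for contrast only; it is never called below.
function set_status_unsafe(PDO $db, array $ids, int $status): int
{
    $sql = "UPDATE comments SET status = $status WHERE id IN (" . implode(',', $ids) . ")";
    return (int) $db->exec($sql);
}

// Accept only positive integers; reject the whole request otherwise.
function normalize_ids($raw): array
{
    $ids = [];
    foreach ((array) $raw as $value) {
        $id = filter_var($value, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
        if ($id === false) {
            throw new InvalidArgumentException('ids must be positive integers');
        }
        $ids[] = $id;
    }
    return array_values(array_unique($ids));
}

// Hardened form: one bound placeholder per id, so no value ever reaches the SQL text.
function set_status_safe(PDO $db, $rawIds, int $status): int
{
    $ids = normalize_ids($rawIds);
    if ($ids === []) {
        return 0; // nothing to update; avoids an empty IN () clause
    }
    $placeholders = implode(',', array_fill(0, count($ids), '?'));
    $stmt = $db->prepare("UPDATE comments SET status = ? WHERE id IN ($placeholders)");
    $stmt->execute(array_merge([$status], $ids));
    return $stmt->rowCount();
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, status INTEGER NOT NULL DEFAULT 0)');
$db->exec('INSERT INTO comments (id) VALUES (1), (2), (3)');

echo 'rows updated: ', set_status_safe($db, ['1', '3'], 1), "\n";
try {
    set_status_safe($db, ['2', '2 OR 1=1'], 1); // constructed non-integer value
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

Rejecting the whole request on the first non-integer element, rather than silently dropping it, gives the application a clean event to log and alert on.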