Vulnerability Description
A vulnerability was detected in slackero phpwcms up to 1.9.45/1.10.8. The impacted element is an unknown function of the file include/inc_module/mod_feedimport/inc/processing.inc.php of the component Feedimport Module. Performing manipulation of the argument cnt_text results in deserialization. The attack can be initiated remotely. The exploit is now public and may be used. Upgrading to version 1.9.46 and 1.10.9 is sufficient to resolve this issue. The patch is named 41a72eca0baa9d9d0214fec97db2400bc082d2a9. It is recommended to upgrade the affected component.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Phpwcms | Phpwcms | < 1.10.8 |
Related Weaknesses (CWE)
References
- https://github.com/3em0/cve_repo/blob/main/phpwcms/phar%20vulnerability%20in%20pExploitThird Party Advisory
- https://github.com/slackero/phpwcms/commit/41a72eca0baa9d9d0214fec97db2400bc082d
- https://github.com/slackero/phpwcms/releases/tag/v1.10.9Release Notes
- https://vuldb.com/?ctiid.310912Permissions RequiredThird Party AdvisoryVDB Entry
- https://vuldb.com/?id.310912Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.577999Third Party AdvisoryVDB Entry
- https://github.com/3em0/cve_repo/blob/main/phpwcms/phar%20vulnerability%20in%20pExploitThird Party Advisory
FAQ
What is CVE-2025-5497?
CVE-2025-5497 is a vulnerability with a CVSS score of 6.3 (MEDIUM). A vulnerability was detected in slackero phpwcms up to 1.9.45/1.10.8. The impacted element is an unknown function of the file include/inc_module/mod_feedimport/inc/processing.inc.php of the component ...
How severe is CVE-2025-5497?
CVE-2025-5497 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-5497?
Check the references section above for vendor advisories and patch information. Affected products include: Phpwcms Phpwcms.