Vulnerability Description
A vulnerability was found in slackero phpwcms up to 1.9.45/1.10.8. It has been rated as critical. The issue affects the function file_get_contents/is_file in the file include/inc_lib/content/cnt21.readform.inc.php of the component Custom Source Tab. Manipulation of the argument cpage_custom leads to deserialization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Versions 1.9.46 and 1.10.9 address this issue. It is recommended to upgrade the affected component.
CVSS Score
5.5 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Phpwcms | Phpwcms | < 1.9.46 |
References
- https://github.com/3em0/cve_repo/blob/main/phpwcms/cnt21.readform.inc.php%23file (Exploit, Third Party Advisory)
- https://github.com/3em0/cve_repo/blob/main/phpwcms/cnt21.readform.inc.php%23is_f (Exploit, Third Party Advisory)
- https://github.com/slackero/phpwcms/releases/tag/v1.10.9 (Release Notes)
- https://vuldb.com/?ctiid.310913 (Permissions Required, VDB Entry)
- https://vuldb.com/?id.310913 (Third Party Advisory, VDB Entry)
- https://vuldb.com/?submit.578054 (Third Party Advisory, VDB Entry)
- https://vuldb.com/?submit.578055 (Third Party Advisory, VDB Entry)
FAQ
What is CVE-2025-5498?
CVE-2025-5498 is a vulnerability with a CVSS score of 5.5 (MEDIUM). A vulnerability was found in slackero phpwcms up to 1.9.45/1.10.8. It has been rated as critical. This issue affects the function file_get_contents/is_file of the file include/inc_lib/content/cnt21.re...
How severe is CVE-2025-5498?
CVE-2025-5498 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2025-5498?
Check the references section above for vendor advisories and patch information. Affected products include: Phpwcms Phpwcms.