CVE-2025-5497

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-5497
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-5497.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-5497
Published
2025-06-03T13:15:21.310Z
Modified
2026-04-10T05:30:42.284947Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

A vulnerability was detected in slackero phpwcms up to 1.9.45/1.10.8. The impacted element is an unknown function of the file include/incmodule/modfeedimport/inc/processing.inc.php of the component Feedimport Module. Performing manipulation of the argument cnt_text results in deserialization. The attack can be initiated remotely. The exploit is now public and may be used. Upgrading to version 1.9.46 and 1.10.9 is sufficient to resolve this issue. The patch is named 41a72eca0baa9d9d0214fec97db2400bc082d2a9. It is recommended to upgrade the affected component.

References

Affected packages

Git / github.com/slackero/phpwcms

Affected ranges

Type
GIT
Repo
https://github.com/slackero/phpwcms
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
1139a7f2b24ef44d90abf7dbb6c17b794d7ff295
Fixed
41a72eca0baa9d9d0214fec97db2400bc082d2a9
Fixed
d6f8c5c7df18158f6c6d762cc3883b53783c9028
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.10.8"
        }
    ]
}

Affected versions

phpwcms-1.*
phpwcms-1.6.529
phpwcms-1.6.531
phpwcms-1.7.0
phpwcms-1.7.1
phpwcms-1.7.2
phpwcms-1.7.3
phpwcms-1.7.4
phpwcms-1.7.5
phpwcms-1.7.6
phpwcms-1.7.7
phpwcms-1.7.9
phpwcms-1.8.0
phpwcms-1.8.0-RC1
phpwcms-1.8.0-RC2
phpwcms-1.8.1
phpwcms-1.8.2
phpwcms-1.8.3
phpwcms-1.8.4
phpwcms-1.9.0-beta.4
phpwcms-1.9.0-beta.5
phpwcms-1.9.0-beta.6
phpwcms-1.9.0-beta.7
phpwcms-1.9.0-rc.1
phpwcms-1.9.0-rc.2
phpwcms-1.9.2
phpwcms-1.9.3
phpwcms-1.9.5
phpwcms-1.9.6
phpwcms-1.9.7-dev
phpwcms-1.9.7-rc.1
phpwcms-1.9.7-rc.2
phpwcms-1.9.7-rc.3
phpwmcs-1.*
phpwmcs-1.9.0-beta.8
v1.*
v1.10.2
v1.10.3
v1.10.4
v1.10.5
v1.10.6
v1.10.7
v1.10.8
v1.9.11
v1.9.12
v1.9.13
v1.9.15
v1.9.16
v1.9.17
v1.9.18
v1.9.19
v1.9.20
v1.9.21
v1.9.22
v1.9.23
v1.9.24
v1.9.25
v1.9.26
v1.9.27
v1.9.28
v1.9.29
v1.9.30
v1.9.32
v1.9.33
v1.9.34
v1.9.35
v1.9.36
v1.9.37
v1.9.38
v1.9.7
v1.9.8

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-5497.json"