CVE-2025-5497

Summary

A vulnerability was detected in slackero phpwcms up to 1.9.45/1.10.8. The impacted element is an unknown function of the file include/inc_module/mod_feedimport/inc/processing.inc.php of the component Feedimport Module. Performing manipulation of the argument cnt_text results in deserialization. The attack can be initiated remotely. The exploit is now public and may be used. Upgrading to version 1.9.46 and 1.10.9 is sufficient to resolve this issue. The patch is named 41a72eca0baa9d9d0214fec97db2400bc082d2a9. It is recommended to upgrade the affected component.

Affected Software

VendorProductVersion RangeStatus
slackerophpwcms1.9.0affected
slackerophpwcms1.9.1affected
slackerophpwcms1.9.2affected
slackerophpwcms1.9.3affected
slackerophpwcms1.9.4affected
slackerophpwcms1.9.5affected
slackerophpwcms1.9.6affected
slackerophpwcms1.9.7affected
slackerophpwcms1.9.8affected
slackerophpwcms1.9.9affected
slackerophpwcms1.9.10affected
slackerophpwcms1.9.11affected
slackerophpwcms1.9.12affected
slackerophpwcms1.9.13affected
slackerophpwcms1.9.14affected
slackerophpwcms1.9.15affected
slackerophpwcms1.9.16affected
slackerophpwcms1.9.17affected
slackerophpwcms1.9.18affected
slackerophpwcms1.9.19affected
slackerophpwcms1.9.20affected
slackerophpwcms1.9.21affected
slackerophpwcms1.9.22affected
slackerophpwcms1.9.23affected
slackerophpwcms1.9.24affected
slackerophpwcms1.9.25affected
slackerophpwcms1.9.26affected
slackerophpwcms1.9.27affected
slackerophpwcms1.9.28affected
slackerophpwcms1.9.29affected
slackerophpwcms1.9.30affected
slackerophpwcms1.9.31affected
slackerophpwcms1.9.32affected
slackerophpwcms1.9.33affected
slackerophpwcms1.9.34affected
slackerophpwcms1.9.35affected
slackerophpwcms1.9.36affected
slackerophpwcms1.9.37affected
slackerophpwcms1.9.38affected
slackerophpwcms1.9.39affected
slackerophpwcms1.9.40affected
slackerophpwcms1.9.41affected
slackerophpwcms1.9.42affected
slackerophpwcms1.9.43affected
slackerophpwcms1.9.44affected
slackerophpwcms1.9.45affected
slackerophpwcms1.10.0affected
slackerophpwcms1.10.1affected
slackerophpwcms1.10.2affected
slackerophpwcms1.10.3affected
slackerophpwcms1.10.4affected
slackerophpwcms1.10.5affected
slackerophpwcms1.10.6affected
slackerophpwcms1.10.7affected
slackerophpwcms1.10.8affected
slackerophpwcms1.9.46unaffected
slackerophpwcms1.10.9unaffected

Weaknesses

  • CWE-502: Deserialization
  • CWE-20: Improper Input Validation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

Additional References

References