PT-2025-23612 · Phpcms · Phpcms

Dem0 +1 · Published 2025-06-03 · Updated 2025-08-20 · CVE-2025-5497

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: phpwcms versions 1.9.45 through 1.10.8

Description: A critical vulnerability was found in the Feedimport Module of phpwcms, affecting unknown code in the file include/inc_module/mod_feedimport/inc/processing.inc.php. The manipulation of the cnt_text argument leads to deserialization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Recommendations: To address this issue, upgrade to version 1.9.46 or 1.10.9. As a temporary workaround, consider restricting access to the Feedimport Module until the issue is resolved. Avoid using the cnt_text argument in the affected module until the issue is resolved.

Exploit · Fix · RCE · Deserialization of Untrusted Data

Weakness Enumeration

Related Identifiers: CVE-2025-5497

Affected Products: Phpcms