PT-2025-23614 · Phpcms · Phpcms
Dem0 · Published 2025-06-03 · Updated 2026-01-20 · CVE-2025-5499
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
slackero phpwcms versions 1.9.45 and earlier, slackero phpwcms versions 1.10.8 and earlier
Description
A critical vulnerability has been found in the function is_file/getimagesize of the file image_resized.php. The manipulation of the argument imgfile leads to deserialization. It is possible to launch the attack remotely.
Recommendations
For slackero phpwcms versions 1.9.45 and earlier, upgrade to version 1.9.46.
For slackero phpwcms versions 1.10.8 and earlier, upgrade to version 1.10.9.
Exploit
Fix
Deserialization of Untrusted Data
RCE
Affected Products
Phpcms