CVE-2025-5498

Exploit

EPSS 0.42%
Veröffentlicht 03.06.2025 13:31:05
Zuletzt bearbeitet 20.01.2026 15:38:18
Quelle cna@vuldb.com
CVE-Watchlists
Login
Unerledigt
Login

slackero phpwcms Custom Source Tab cnt21.readform.inc.php is_file deserialization

A vulnerability was found in slackero phpwcms up to 1.9.45/1.10.8. It has been rated as critical. This issue affects the function file_get_contents/is_file of the file include/inc_lib/content/cnt21.readform.inc.php of the component Custom Source Tab. The manipulation of the argument cpage_custom leads to deserialization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.9.46 and 1.10.9 is able to address this issue. It is recommended to upgrade the affected component.

Betroffene Produkte Warnungen 0 Metriken 5 CWE 2 Referenzen 10

NVD 2 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Phpwcms ≫ Phpwcms Version < 1.9.46

Phpwcms ≫ Phpwcms Version >= 1.10.2 < 1.10.9

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.42%	0.332

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.2	1.2	5.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
cna@vuldb.com	5.1	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cna@vuldb.com	5.5	2.1	3.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
cna@vuldb.com	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CWE-502 Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

https://github.com/slackero/phpwcms/releases/tag/v1.10.9

Release Notes

https://vuldb.com/?id.310913

Third Party Advisory

VDB Entry

https://vuldb.com/?ctiid.310913

VDB Entry

Permissions Required

https://vuldb.com/?submit.578054

Third Party Advisory

VDB Entry

https://vuldb.com/?submit.578055

Third Party Advisory

VDB Entry

https://github.com/3em0/cve_repo/blob/main/phpwcms/cnt21.readform.inc.php%23file_get_contents.md

Third Party Advisory

Exploit

https://github.com/3em0/cve_repo/blob/main/phpwcms/cnt21.readform.inc.php%23is_file.md

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2025-5498

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-5498

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-5498

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-5498