CVE-2025-5498 | slackero phpwcms up to 1.9.45/1.10.8 Custom Source Tab cnt21.readform.inc.php file_get_contents/is_file cpage_custom deserialization

A vulnerability was found in slackero phpwcms up to 1.9.45/1.10.8. It has been rated as critical. This issue affects the function file_get_contents/is_file of the file include/inc_lib/content/cnt21.readform.inc.php of the component Custom Source Tab. The manipulation of the argument cpage_custom leads to deserialization.

The identification of this vulnerability is CVE-2025-5498. The attack may be initiated remotely. Furthermore, there is an exploit available.

It is recommended to upgrade the affected component.

CVE-2025-5498 | slackero phpwcms up to 1.9.45/1.10.8 Custom Source Tab cnt21.readform.inc.php file_get_contents/is_file cpage_custom deserialization

Post correlati

CVE-2024-12595 | AHAthat Plugin up to 1.6 on WordPress REQUEST_URI cross site scripting

CVE-2025-1488 | wpo365 WPO365 Plugin up to 3.2 on WordPress redirect_to

CVE-2025-0344 | leiyuxi cy-fast 1.0 /commpara/listData order sql injection

CVE-2025-22492 | Eaton Foreseer Reporting Software up to 1.5.99 sensitive information