CVE-2025-5499 | slackero phpwcms up to 1.9.45/1.10.8 image_resized.php is_file/getimagesize imgfile deserialization

Inserito da Angelo Barbosa | Giu 3, 2025 | CVE

A vulnerability classified as critical has been found in slackero phpwcms up to 1.9.45/1.10.8. Affected is the function is_file/getimagesize of the file image_resized.php. The manipulation of the argument imgfile leads to deserialization.

This vulnerability is traded as CVE-2025-5499. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

It is recommended to upgrade the affected component.

CVE-2025-5499 | slackero phpwcms up to 1.9.45/1.10.8 image_resized.php is_file/getimagesize imgfile deserialization

Post correlati

CVE-2023-51931 | URLite 3.1.0 parsing denial of service

CVE-2024-37564 | PayPlus Payment Gateway Plugin up to 7.0.7 on WordPress sql injection

CVE-2024-22106 | Mitsubishi Electric CPU Module Logging Configuration Tool privileges management (icsa-24-135-04)

CVE-2024-38457 | Xenforo up to 2.2.15 cross-site request forgery