A vulnerability classified as critical has been found in slackero phpwcms up to 1.9.45/1.10.8. Affected is the function
is_file/getimagesize
of the file image_resized.php. The manipulation of the argument imgfile leads to deserialization.
This vulnerability is traded as CVE-2025-5499. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.