CVE-2025-5499 | slackero phpwcms up to 1.9.45/1.10.8 image_resized.php is_file/getimagesize imgfile deserialization

Inserito da Angelo Barbosa | Giu 3, 2025 | CVE

A vulnerability classified as critical has been found in slackero phpwcms up to 1.9.45/1.10.8. Affected is the function is_file/getimagesize of the file image_resized.php. The manipulation of the argument imgfile leads to deserialization.

This vulnerability is traded as CVE-2025-5499. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

It is recommended to upgrade the affected component.

CVE-2025-5499 | slackero phpwcms up to 1.9.45/1.10.8 image_resized.php is_file/getimagesize imgfile deserialization

Post correlati

CVE-2025-0908 | Tracker Software PDF-XChange Editor U3D File Parser out-of-bounds

CVE-2024-5788 | Silesia Plugin up to 1.0.6 on WordPress Button Shortcode cross site scripting

CVE-2023-48791 | Fortinet FortiPortal up to 7.0.6/7.2.0 Schedule System Backup Page command injection (FG-IR-23-425)

CVE-2024-35114 | IBM Control Center 6.2.1/6.3.1 observable response discrepancy