{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-5497", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2025-06-03T05:14:32.944Z", "datePublished": "2025-06-03T13:00:16.567Z", "dateUpdated": "2025-06-03T14:45:34.792Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-06-03T13:00:16.567Z"}, "title": "slackero phpwcms Feedimport Module processing.inc.php deserialization", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-502", "lang": "en", "description": "Deserialization"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-20", "lang": "en", "description": "Improper Input Validation"}]}], "affected": [{"vendor": "slackero", "product": "phpwcms", "versions": [{"version": "1.9.0", "status": "affected"}, {"version": "1.9.1", "status": "affected"}, {"version": "1.9.2", "status": "affected"}, {"version": "1.9.3", "status": "affected"}, {"version": "1.9.4", "status": "affected"}, {"version": "1.9.5", "status": "affected"}, {"version": "1.9.6", "status": "affected"}, {"version": "1.9.7", "status": "affected"}, {"version": "1.9.8", "status": "affected"}, {"version": "1.9.9", "status": "affected"}, {"version": "1.9.10", "status": "affected"}, {"version": "1.9.11", "status": "affected"}, {"version": "1.9.12", "status": "affected"}, {"version": "1.9.13", "status": "affected"}, {"version": "1.9.14", "status": "affected"}, {"version": "1.9.15", "status": "affected"}, {"version": "1.9.16", "status": "affected"}, {"version": "1.9.17", "status": "affected"}, {"version": "1.9.18", "status": "affected"}, {"version": "1.9.19", "status": "affected"}, {"version": "1.9.20", "status": "affected"}, {"version": "1.9.21", "status": "affected"}, {"version": "1.9.22", "status": "affected"}, {"version": "1.9.23", "status": "affected"}, {"version": "1.9.24", "status": "affected"}, {"version": "1.9.25", "status": "affected"}, {"version": "1.9.26", "status": "affected"}, {"version": "1.9.27", "status": "affected"}, {"version": "1.9.28", "status": "affected"}, {"version": "1.9.29", "status": "affected"}, {"version": "1.9.30", "status": "affected"}, {"version": "1.9.31", "status": "affected"}, {"version": "1.9.32", "status": "affected"}, {"version": "1.9.33", "status": "affected"}, {"version": "1.9.34", "status": "affected"}, {"version": "1.9.35", "status": "affected"}, {"version": "1.9.36", "status": "affected"}, {"version": "1.9.37", "status": "affected"}, {"version": "1.9.38", "status": "affected"}, {"version": "1.9.39", "status": "affected"}, {"version": "1.9.40", "status": "affected"}, {"version": "1.9.41", "status": "affected"}, {"version": "1.9.42", "status": "affected"}, {"version": "1.9.43", "status": "affected"}, {"version": "1.9.44", "status": "affected"}, {"version": "1.9.45", "status": "affected"}, {"version": "1.10.0", "status": "affected"}, {"version": "1.10.1", "status": "affected"}, {"version": "1.10.2", "status": "affected"}, {"version": "1.10.3", "status": "affected"}, {"version": "1.10.4", "status": "affected"}, {"version": "1.10.5", "status": "affected"}, {"version": "1.10.6", "status": "affected"}, {"version": "1.10.7", "status": "affected"}, {"version": "1.10.8", "status": "affected"}], "modules": ["Feedimport Module"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in slackero phpwcms up to 1.9.45/1.10.8. It has been declared as critical. This vulnerability affects unknown code of the file include/inc_module/mod_feedimport/inc/processing.inc.php of the component Feedimport Module. The manipulation of the argument cnt_text leads to deserialization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.9.46 and 1.10.9 is able to address this issue. It is recommended to upgrade the affected component."}, {"lang": "de", "value": "In slackero phpwcms bis 1.9.45/1.10.8 wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Betroffen ist eine unbekannte Verarbeitung der Datei include/inc_module/mod_feedimport/inc/processing.inc.php der Komponente Feedimport Module. Durch Manipulieren des Arguments cnt_text mit unbekannten Daten kann eine deserialization-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Ein Aktualisieren auf die Version 1.9.46 and 1.10.9 vermag dieses Problem zu l\u00f6sen. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 6.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 6.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "timeline": [{"time": "2025-06-03T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2025-06-03T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2025-06-03T07:19:42.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Dem0 (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.310912", "name": "VDB-310912 | slackero phpwcms Feedimport Module processing.inc.php deserialization", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.310912", "name": "VDB-310912 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.577999", "name": "Submit #577999 | phpwcms 1.10.8 phar deserialization vulnerability", "tags": ["third-party-advisory"]}, {"url": "https://github.com/3em0/cve_repo/blob/main/phpwcms/phar%20vulnerability%20in%20phpwcms.md", "tags": ["exploit"]}, {"url": "https://github.com/slackero/phpwcms/releases/tag/v1.10.9", "tags": ["patch"]}]}, "adp": [{"references": [{"url": "https://github.com/3em0/cve_repo/blob/main/phpwcms/phar%20vulnerability%20in%20phpwcms.md", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-06-03T14:45:18.581475Z", "id": "CVE-2025-5497", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-03T14:45:34.792Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-5497", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-06-03T14:45:18.581475Z"}}}], "references": [{"url": "https://github.com/3em0/cve_repo/blob/main/phpwcms/phar%20vulnerability%20in%20phpwcms.md", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-03T14:45:28.330Z"}}], "cna": {"title": "slackero phpwcms Feedimport Module processing.inc.php deserialization", "credits": [{"lang": "en", "type": "reporter", "value": "Dem0 (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "affected": [{"vendor": "slackero", "modules": ["Feedimport Module"], "product": "phpwcms", "versions": [{"status": "affected", "version": "1.9.0"}, {"status": "affected", "version": "1.9.1"}, {"status": "affected", "version": "1.9.2"}, {"status": "affected", "version": "1.9.3"}, {"status": "affected", "version": "1.9.4"}, {"status": "affected", "version": "1.9.5"}, {"status": "affected", "version": "1.9.6"}, {"status": "affected", "version": "1.9.7"}, {"status": "affected", "version": "1.9.8"}, {"status": "affected", "version": "1.9.9"}, {"status": "affected", "version": "1.9.10"}, {"status": "affected", "version": "1.9.11"}, {"status": "affected", "version": "1.9.12"}, {"status": "affected", "version": "1.9.13"}, {"status": "affected", "version": "1.9.14"}, {"status": "affected", "version": "1.9.15"}, {"status": "affected", "version": "1.9.16"}, {"status": "affected", "version": "1.9.17"}, {"status": "affected", "version": "1.9.18"}, {"status": "affected", "version": "1.9.19"}, {"status": "affected", "version": "1.9.20"}, {"status": "affected", "version": "1.9.21"}, {"status": "affected", "version": "1.9.22"}, {"status": "affected", "version": "1.9.23"}, {"status": "affected", "version": "1.9.24"}, {"status": "affected", "version": "1.9.25"}, {"status": "affected", "version": "1.9.26"}, {"status": "affected", "version": "1.9.27"}, {"status": "affected", "version": "1.9.28"}, {"status": "affected", "version": "1.9.29"}, {"status": "affected", "version": "1.9.30"}, {"status": "affected", "version": "1.9.31"}, {"status": "affected", "version": "1.9.32"}, {"status": "affected", "version": "1.9.33"}, {"status": "affected", "version": "1.9.34"}, {"status": "affected", "version": "1.9.35"}, {"status": "affected", "version": "1.9.36"}, {"status": "affected", "version": "1.9.37"}, {"status": "affected", "version": "1.9.38"}, {"status": "affected", "version": "1.9.39"}, {"status": "affected", "version": "1.9.40"}, {"status": "affected", "version": "1.9.41"}, {"status": "affected", "version": "1.9.42"}, {"status": "affected", "version": "1.9.43"}, {"status": "affected", "version": "1.9.44"}, {"status": "affected", "version": "1.9.45"}, {"status": "affected", "version": "1.10.0"}, {"status": "affected", "version": "1.10.1"}, {"status": "affected", "version": "1.10.2"}, {"status": "affected", "version": "1.10.3"}, {"status": "affected", "version": "1.10.4"}, {"status": "affected", "version": "1.10.5"}, {"status": "affected", "version": "1.10.6"}, {"status": "affected", "version": "1.10.7"}, {"status": "affected", "version": "1.10.8"}]}], "timeline": [{"lang": "en", "time": "2025-06-03T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2025-06-03T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2025-06-03T07:19:42.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.310912", "name": "VDB-310912 | slackero phpwcms Feedimport Module processing.inc.php deserialization", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.310912", "name": "VDB-310912 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.577999", "name": "Submit #577999 | phpwcms 1.10.8 phar deserialization vulnerability", "tags": ["third-party-advisory"]}, {"url": "https://github.com/3em0/cve_repo/blob/main/phpwcms/phar%20vulnerability%20in%20phpwcms.md", "tags": ["exploit"]}, {"url": "https://github.com/slackero/phpwcms/releases/tag/v1.10.9", "tags": ["patch"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in slackero phpwcms up to 1.9.45/1.10.8. It has been declared as critical. This vulnerability affects unknown code of the file include/inc_module/mod_feedimport/inc/processing.inc.php of the component Feedimport Module. The manipulation of the argument cnt_text leads to deserialization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.9.46 and 1.10.9 is able to address this issue. It is recommended to upgrade the affected component."}, {"lang": "de", "value": "In slackero phpwcms bis 1.9.45/1.10.8 wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Betroffen ist eine unbekannte Verarbeitung der Datei include/inc_module/mod_feedimport/inc/processing.inc.php der Komponente Feedimport Module. Durch Manipulieren des Arguments cnt_text mit unbekannten Daten kann eine deserialization-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Ein Aktualisieren auf die Version 1.9.46 and 1.10.9 vermag dieses Problem zu l\u00f6sen. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-502", "description": "Deserialization"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "Improper Input Validation"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-06-03T13:00:16.567Z"}}}, "cveMetadata": {"cveId": "CVE-2025-5497", "state": "PUBLISHED", "dateUpdated": "2025-06-03T14:45:34.792Z", "dateReserved": "2025-06-03T05:14:32.944Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2025-06-03T13:00:16.567Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:phpwcms:phpwcms:*:*:*:*:*:*:*:*", "matchCriteriaId": "6F992C50-311D-4BD2-9410-F53E6FCC5CBB", "versionEndExcluding": "1.10.8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in slackero phpwcms up to 1.9.45/1.10.8. It has been declared as critical. This vulnerability affects unknown code of the file include/inc_module/mod_feedimport/inc/processing.inc.php of the component Feedimport Module. The manipulation of the argument cnt_text leads to deserialization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.9.46 and 1.10.9 is able to address this issue. It is recommended to upgrade the affected component."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en slackero phpwcms hasta la versi\u00f3n 1.9.45/1.10.8. Se ha declarado cr\u00edtica. Esta vulnerabilidad afecta al c\u00f3digo desconocido del archivo include/inc_module/mod_feedimport/inc/processing.inc.php del componente Feedimport Module. La manipulaci\u00f3n del argumento cnt_text provoca la deserializaci\u00f3n. El ataque puede ejecutarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Actualizar a las versiones 1.9.46 y 1.10.9 puede solucionar este problema. Se recomienda actualizar el componente afectado."}], "id": "CVE-2025-5497", "lastModified": "2025-06-13T19:44:32.447", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2025-06-03T13:15:21.310", "references": [{"source": "cna@vuldb.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/3em0/cve_repo/blob/main/phpwcms/phar%20vulnerability%20in%20phpwcms.md"}, {"source": "cna@vuldb.com", "tags": ["Release Notes"], "url": "https://github.com/slackero/phpwcms/releases/tag/v1.10.9"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?ctiid.310912"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.310912"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?submit.577999"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/3em0/cve_repo/blob/main/phpwcms/phar%20vulnerability%20in%20phpwcms.md"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}, {"lang": "en", "value": "CWE-502"}], "source": "cna@vuldb.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-502"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}