VYPR
Unrated severityNVD Advisory· Published Feb 24, 2026· Updated Feb 24, 2026

PHP Function Injection in Slican NPC/IPL/IPM/IPU

CVE-2025-14577

Description

Slican NCP/IPL/IPM/IPU devices are vulnerable to PHP Function Injection. An unauthenticated remote attacker is able to execute arbitrary PHP commands by sending specially crafted requests to /webcti/session_ajax.php endpoint.

This issue was fixed in version 1.24.0190 (Slican NCP) and 6.61.0010 (Slican IPL/IPM/IPU).

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

5
  • Slican/NCPllm-create
    Range: <1.24.0190
  • Slican/IPLllm-create
    Range: <6.61.0010
  • Slican/IPMllm-create
    Range: <6.61.0010
  • Slican/Ipullm-fuzzy2 versions
    <6.61.0010+ 1 more
    • (no CPE)range: <6.61.0010
    • (no CPE)range: 0

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.