CVE-2025-39395 – Mojoomla WPAMS SQL Injection

May 19, 2025

CVE ID : CVE-2025-39395

Published : May 19, 2025, 8:15 p.m. | 3 hours, 59 minutes ago

Description : Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in mojoomla WPAMS allows SQL Injection.This issue affects WPAMS: from n/a through 44.0 (17-08-2023).

Severity: 9.3 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-39401 – Mojoomla WPAMS Unrestricted File Upload Vulnerability

Next Article CVE-2025-39392 – Mojoomla WPAMS Cross-site Scripting

Highlights

CVE-2025-6504 – HDP Server IP Spoofing Via X-Forwarded-For Header

July 29, 2025

CVE ID : CVE-2025-6504

Published : July 29, 2025, 1:15 p.m. | 10 hours, 44 minutes ago

Description : In HDP Server versions below 4.6.2.2978 on Linux, unauthorized access could occur via IP spoofing using the X-Forwarded-For header.

Since XFF is a client-controlled header, it could be spoofed, allowing unauthorized access if the spoofed IP matched a whitelisted range.

This vulnerability could be exploited to bypass IP restrictions, though valid user credentials would still be required for resource access.

Severity: 8.4 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

The Double-Edged Sustainability Sword Of AI In Web Design

Top 12 Reasons Enterprises Choose Node.js Development Services for Scalable Growth

GitHub’s coding agent can now be launched from anywhere on platform using new Agents panel

Stop writing tests: Automate fully with Generative AI

I’m a diehard Pixel fan, but I’m not upgrading to the Pixel 10. Here’s why

Google Pixel Watch 4 vs. Samsung Galaxy Watch 8: I compared the two best Androids, and here’s the winner

Get a free Amazon gift card up to $300 when you preorder a new Google Pixel 10 phone – here’s how

Everything announced at Made by Google 2025: Pixel 10 Pro, Fold, Watch 4, and more

Copy Errors as Markdown to Share With AI in Laravel 12.25

Copy Errors as Markdown to Share With AI in Laravel 12.25

Deconstructing the Request Lifecycle in Sitecore Headless – Part 2: SSG and ISR Modes in Next.js

Susan Etlinger, AI Analyst and Industry Watcher on Building Trust

TerraMaster D1 SSD Plus Review: Experience a Faster External SSD

TerraMaster D1 SSD Plus Review: Experience a Faster External SSD

Microsoft is investigating Windows 11 KB5063878 SSD data corruption/failure issue

Microsoft Surface Won’t Turn On: 6 Tested Solutions to Fix

CVE-2025-39395 – Mojoomla WPAMS SQL Injection

DOJ Charges 22-Year-Old for Running RapperBot Botnet Behind 370,000 DDoS Attacks

He Hacked McDonald’s for Free Nuggets — What He Found Was Far More Dangerous

Microsoft Teams Gets a 3D Makeover for Events

Building APIs with GraphQL and Flask: A Complete Developer Guide

Community News: Latest PECL Releases (04.08.2025)

CVE-2025-48493 – “Redis AUTH Credentials Exposed in Yii Logs”

CVE-2025-6504 – HDP Server IP Spoofing Via X-Forwarded-For Header

How E.ON saves £10 million annually with AI diagnostics for smart meters powered by Amazon Textract

Kst is a real-time large dataset viewing and plotting tool

7 MCP Server Best Practices for Scalable AI Integrations in 2025

CVE-2025-39395 – Mojoomla WPAMS SQL Injection

Related Posts