PT-2025-22108 · Mojoomla · Wpams
Trương Hữu Phúc
·
Published
2025-05-19
·
Updated
2025-05-19
·
CVE-2025-39402
CVSS v3.1
9.9
Critical
| Vector | AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
mojoomla WPAMS versions prior to 44.0
Description:
The issue allows for the unrestricted upload of files with dangerous types, enabling an attacker to upload a web shell to a web server. This can lead to further exploitation and potential control of the server.
Recommendations:
For versions prior to 44.0, update to a version that includes a fix for this issue, as using an older version poses a significant risk due to the possibility of uploading malicious files, including web shells, to the web server.
Fix
RCE
Unrestricted File Upload
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Wpams