qihang-wms

CVEs (2)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	KEV	Published	Description
CVE-2026-37430	qihang-wms qihang-wms	Hig	0.47	7.3	0.00		May 13, 2026	An arbitrary file upload vulnerability in the ShopOrderImportController.java component of qihang-wms commit 75c15a allows attackers to execute arbitrary code via uploading a crafted file.
CVE-2026-37429	qihang-wms qihang-wms	Med	0.42	6.5	0.00		May 13, 2026	qihang-wms commit 75c15a was discovered to contain a SQL injection vulnerability via the datascope parameter in the SysUserMapper.xml file. This vulnerability allows attackers to access sensitive database information, including users' Personally Identifiable Information (PII) via a crafted SQL statement.

CVE-2026-37430HigMay 13, 2026
qihang-wms
qihang-wms
risk 0.47cvss 7.3epss 0.00
An arbitrary file upload vulnerability in the ShopOrderImportController.java component of qihang-wms commit 75c15a allows attackers to execute arbitrary code via uploading a crafted file.
CVE-2026-37429MedMay 13, 2026
qihang-wms
qihang-wms
risk 0.42cvss 6.5epss 0.00
qihang-wms commit 75c15a was discovered to contain a SQL injection vulnerability via the datascope parameter in the SysUserMapper.xml file. This vulnerability allows attackers to access sensitive database information, including users' Personally Identifiable Information (PII) via a crafted SQL statement.