VYPR

wms

by Feminer

CVEs (11)

  • CVE-2021-33949CriFeb 17, 2023
    risk 0.64cvss 9.8epss 0.01

    An issue in FeMiner WMS v1.1 allows attackers to execute arbitrary code via the filename parameter and the exec function.

  • CVE-2021-42897CriMay 16, 2022
    risk 0.64cvss 9.8epss 0.02

    A remote command execution (RCE) vulnerability was found in FeMiner wms V1.0 in /wms/src/system/datarec.php. The $_POST[r_name] is directly passed into the $mysqlstr and is executed by exec.

  • CVE-2020-18106CriAug 27, 2021
    risk 0.64cvss 9.8epss 0.01

    The GET parameter "id" in WMS v1.0 is passed without filtering, which allows attackers to perform SQL injection.

  • CVE-2020-18544CriJul 12, 2021
    risk 0.64cvss 9.8epss 0.02

    SQL Injection in WMS v1.0 allows remote attackers to execute arbitrary code via the "username" parameter in the component "chkuser.php".

  • CVE-2025-25997HigFeb 14, 2025
    risk 0.49cvss 7.5epss 0.01

    Directory Traversal vulnerability in FeMiner wms v.1.0 allows a remote attacker to obtain sensitive information via the databak.php component.

  • CVE-2025-25994HigFeb 14, 2025
    risk 0.49cvss 7.5epss 0.00

    SQL Injection vulnerability in FeMiner wms wms 1.0 allows a remote attacker to obtain sensitive information via the parameters date1, date2, id.

  • CVE-2026-3969HigMar 12, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was detected in FeMiner wms up to 1.0. This impacts an unknown function of the file /wms-master/src/basic/depart/depart_add_bg.php of the component Basic Organizational Structure Module. Performing a manipulation of the argument Name results in sql injection. The…

  • CVE-2026-1059HigJan 17, 2026
    risk 0.47cvss 7.3epss 0.00

    A security vulnerability has been detected in FeMiner wms up to 9cad1f1b179a98b9547fd003c23b07c7594775fa. Affected by this vulnerability is an unknown functionality of the file /src/chkuser.php. The manipulation of the argument Username leads to sql injection. The attack is…

  • CVE-2022-4272MedDec 3, 2022
    risk 0.41cvss 6.3epss 0.01

    A vulnerability, which was classified as critical, has been found in FeMiner wms. Affected by this issue is some unknown functionality of the file /product/savenewproduct.php?flag=1. The manipulation of the argument upfile leads to unrestricted upload. The attack may be launched…

  • CVE-2025-25993MedFeb 14, 2025
    risk 0.33cvss 5.1epss 0.00

    SQL Injection vulnerability in FeMiner wms wms 1.0 allows a remote attacker to obtain sensitive information via the parameter "itemid."

  • CVE-2025-25992MedFeb 14, 2025
    risk 0.33cvss 5.1epss 0.00

    SQL Injection vulnerability in FeMiner wms 1.0 allows a remote attacker to obtain sensitive information via the inquire_inout_item.php component.