Feminer
Products
2- 11 CVEs
- 7 CVEs
Recent CVEs
17| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-3969 | Hig | 0.47 | 7.3 | 0.00 | Mar 12, 2026 | A vulnerability was detected in FeMiner wms up to 1.0. This impacts an unknown function of the file /wms-master/src/basic/depart/depart_add_bg.php of the component Basic Organizational Structure Module. Performing a manipulation of the argument Name results in sql injection. The… | ||
| CVE-2026-1059 | Hig | 0.47 | 7.3 | 0.00 | Jan 17, 2026 | A security vulnerability has been detected in FeMiner wms up to 9cad1f1b179a98b9547fd003c23b07c7594775fa. Affected by this vulnerability is an unknown functionality of the file /src/chkuser.php. The manipulation of the argument Username leads to sql injection. The attack is… | ||
| CVE-2021-42897 | 0.01 | — | 0.02 | May 16, 2022 | A remote command execution (RCE) vulnerability was found in FeMiner wms V1.0 in /wms/src/system/datarec.php. The $_POST[r_name] is directly passed into the $mysqlstr and is executed by exec. | |||
| CVE-2025-25992 | 0.00 | — | 0.00 | Feb 14, 2025 | SQL Injection vulnerability in FeMiner wms 1.0 allows a remote attacker to obtain sensitive information via the inquire_inout_item.php component. | |||
| CVE-2025-25994 | 0.00 | — | 0.00 | Feb 14, 2025 | SQL Injection vulnerability in FeMiner wms wms 1.0 allows a remote attacker to obtain sensitive information via the parameters date1, date2, id. | |||
| CVE-2025-25997 | 0.00 | — | 0.01 | Feb 14, 2025 | Directory Traversal vulnerability in FeMiner wms v.1.0 allows a remote attacker to obtain sensitive information via the databak.php component. | |||
| CVE-2025-25993 | 0.00 | — | 0.00 | Feb 14, 2025 | SQL Injection vulnerability in FeMiner wms wms 1.0 allows a remote attacker to obtain sensitive information via the parameter "itemid." | |||
| CVE-2024-32210 | 0.00 | — | 0.00 | May 1, 2024 | The LoMag WareHouse Management application version 1.0.20.120 and older were to utilize hard-coded passwords by default for forms and SQL connections. | |||
| CVE-2024-32213 | 0.00 | — | 0.01 | May 1, 2024 | The LoMag WareHouse Management application version 1.0.20.120 and older were found to allow weak passwords. By default, hard-coded passwords of 10 characters with little or no complexity are allowed. | |||
| CVE-2024-3616 | 0.00 | — | 0.01 | Apr 11, 2024 | A vulnerability classified as problematic was found in SourceCodester Warehouse Management System 1.0. This vulnerability affects unknown code of the file pengguna.php. The manipulation of the argument admin_user/admin_nama/admin_alamat/admin_telepon leads to cross site… | |||
| CVE-2024-3614 | 0.00 | — | 0.01 | Apr 11, 2024 | A vulnerability classified as problematic has been found in SourceCodester Warehouse Management System 1.0. This affects an unknown part of the file customer.php. The manipulation of the argument nama_customer/alamat_customer/notelp_customer leads to cross site scripting. It is… | |||
| CVE-2024-3613 | 0.00 | — | 0.01 | Apr 11, 2024 | A vulnerability was found in SourceCodester Warehouse Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file supplier.php. The manipulation of the argument nama_supplier/alamat_supplier/notelp_supplier leads to… | |||
| CVE-2024-3612 | 0.00 | — | 0.01 | Apr 10, 2024 | A vulnerability was found in SourceCodester Warehouse Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file barang.php. The manipulation of the argument nama_barang/merek leads to cross site scripting.… | |||
| CVE-2021-33949 | 0.00 | — | 0.01 | Feb 17, 2023 | An issue in FeMiner WMS v1.1 allows attackers to execute arbitrary code via the filename parameter and the exec function. | |||
| CVE-2022-4272 | 0.00 | — | 0.01 | Dec 3, 2022 | A vulnerability, which was classified as critical, has been found in FeMiner wms. Affected by this issue is some unknown functionality of the file /product/savenewproduct.php?flag=1. The manipulation of the argument upfile leads to unrestricted upload. The attack may be launched… | |||
| CVE-2020-18106 | 0.00 | — | 0.01 | Aug 27, 2021 | The GET parameter "id" in WMS v1.0 is passed without filtering, which allows attackers to perform SQL injection. | |||
| CVE-2020-18544 | 0.00 | — | 0.02 | Jul 12, 2021 | SQL Injection in WMS v1.0 allows remote attackers to execute arbitrary code via the "username" parameter in the component "chkuser.php". |
- risk 0.47cvss 7.3epss 0.00
A vulnerability was detected in FeMiner wms up to 1.0. This impacts an unknown function of the file /wms-master/src/basic/depart/depart_add_bg.php of the component Basic Organizational Structure Module. Performing a manipulation of the argument Name results in sql injection. The…
- risk 0.47cvss 7.3epss 0.00
A security vulnerability has been detected in FeMiner wms up to 9cad1f1b179a98b9547fd003c23b07c7594775fa. Affected by this vulnerability is an unknown functionality of the file /src/chkuser.php. The manipulation of the argument Username leads to sql injection. The attack is…
- CVE-2021-42897May 16, 2022risk 0.01cvss —epss 0.02
A remote command execution (RCE) vulnerability was found in FeMiner wms V1.0 in /wms/src/system/datarec.php. The $_POST[r_name] is directly passed into the $mysqlstr and is executed by exec.
- CVE-2025-25992Feb 14, 2025risk 0.00cvss —epss 0.00
SQL Injection vulnerability in FeMiner wms 1.0 allows a remote attacker to obtain sensitive information via the inquire_inout_item.php component.
- CVE-2025-25994Feb 14, 2025risk 0.00cvss —epss 0.00
SQL Injection vulnerability in FeMiner wms wms 1.0 allows a remote attacker to obtain sensitive information via the parameters date1, date2, id.
- CVE-2025-25997Feb 14, 2025risk 0.00cvss —epss 0.01
Directory Traversal vulnerability in FeMiner wms v.1.0 allows a remote attacker to obtain sensitive information via the databak.php component.
- CVE-2025-25993Feb 14, 2025risk 0.00cvss —epss 0.00
SQL Injection vulnerability in FeMiner wms wms 1.0 allows a remote attacker to obtain sensitive information via the parameter "itemid."
- CVE-2024-32210May 1, 2024risk 0.00cvss —epss 0.00
The LoMag WareHouse Management application version 1.0.20.120 and older were to utilize hard-coded passwords by default for forms and SQL connections.
- CVE-2024-32213May 1, 2024risk 0.00cvss —epss 0.01
The LoMag WareHouse Management application version 1.0.20.120 and older were found to allow weak passwords. By default, hard-coded passwords of 10 characters with little or no complexity are allowed.
- CVE-2024-3616Apr 11, 2024risk 0.00cvss —epss 0.01
A vulnerability classified as problematic was found in SourceCodester Warehouse Management System 1.0. This vulnerability affects unknown code of the file pengguna.php. The manipulation of the argument admin_user/admin_nama/admin_alamat/admin_telepon leads to cross site…
- CVE-2024-3614Apr 11, 2024risk 0.00cvss —epss 0.01
A vulnerability classified as problematic has been found in SourceCodester Warehouse Management System 1.0. This affects an unknown part of the file customer.php. The manipulation of the argument nama_customer/alamat_customer/notelp_customer leads to cross site scripting. It is…
- CVE-2024-3613Apr 11, 2024risk 0.00cvss —epss 0.01
A vulnerability was found in SourceCodester Warehouse Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file supplier.php. The manipulation of the argument nama_supplier/alamat_supplier/notelp_supplier leads to…
- CVE-2024-3612Apr 10, 2024risk 0.00cvss —epss 0.01
A vulnerability was found in SourceCodester Warehouse Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file barang.php. The manipulation of the argument nama_barang/merek leads to cross site scripting.…
- CVE-2021-33949Feb 17, 2023risk 0.00cvss —epss 0.01
An issue in FeMiner WMS v1.1 allows attackers to execute arbitrary code via the filename parameter and the exec function.
- CVE-2022-4272Dec 3, 2022risk 0.00cvss —epss 0.01
A vulnerability, which was classified as critical, has been found in FeMiner wms. Affected by this issue is some unknown functionality of the file /product/savenewproduct.php?flag=1. The manipulation of the argument upfile leads to unrestricted upload. The attack may be launched…
- CVE-2020-18106Aug 27, 2021risk 0.00cvss —epss 0.01
The GET parameter "id" in WMS v1.0 is passed without filtering, which allows attackers to perform SQL injection.
- CVE-2020-18544Jul 12, 2021risk 0.00cvss —epss 0.02
SQL Injection in WMS v1.0 allows remote attackers to execute arbitrary code via the "username" parameter in the component "chkuser.php".