FeMiner/wms

FeMiner/wms

Releases0

Stars436

企业仓库管理系统

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2021-33949 ↗	Feb 17, 2023Friday, 17 February 2023, 18:15	9.8 CRITICAL	—
An issue in FeMiner WMS v1.1 allows attackers to execute arbitrary code via the filename parameter and the exec function.
CVE-2022-4272 ↗	Dec 3, 2022Saturday, 3 December 2022, 09:15	6.3 MEDIUM	—
A vulnerability, which was classified as critical, has been found in FeMiner wms. Affected by this issue is some unknown functionality of the file /product/savenewproduct.php?flag=1. The manipulation of the argument upfile leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214760.
CVE-2021-42897 ↗	May 16, 2022Monday, 16 May 2022, 14:15	9.8 CRITICAL	7.5 HIGH
A remote command execution (RCE) vulnerability was found in FeMiner wms V1.0 in /wms/src/system/datarec.php. The $_POST[r_name] is directly passed into the $mysqlstr and is executed by exec.
CVE-2020-18106 ↗	Aug 27, 2021Friday, 27 August 2021, 20:15	9.8 CRITICAL	7.5 HIGH
The GET parameter "id" in WMS v1.0 is passed without filtering, which allows attackers to perform SQL injection.
CVE-2020-18544 ↗	Jul 12, 2021Monday, 12 July 2021, 20:15	9.8 CRITICAL	7.5 HIGH
SQL Injection in WMS v1.0 allows remote attackers to execute arbitrary code via the "username" parameter in the component "chkuser.php".