Feminer Wms Project

feminer_wms_project

5 CVEs • 1 product

Products (1)

Click to collapse

Toggle

CVEs (5)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-25997 1Feminer Wms Project 1Feminer Wms May 13, 2025 Feb 14, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 Directory Traversal vulnerability in FeMiner wms v.1.0 allows a remote attacker to obtain sensitive information via the databak.php component.
CVE-2025-25994 1Feminer Wms Project 1Feminer Wms May 2, 2025 Feb 14, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 SQL Injection vulnerability in FeMiner wms wms 1.0 allows a remote attacker to obtain sensitive information via the parameters date1, date2, id.
CVE-2025-25993 1Feminer Wms Project 1Feminer Wms May 2, 2025 Feb 14, 2025 N/A· v4 5.1 MEDIUM· v3 N/A· v2 SQL Injection vulnerability in FeMiner wms wms 1.0 allows a remote attacker to obtain sensitive information via the parameter "itemid."
CVE-2025-25992 1Feminer Wms Project 1Feminer Wms May 2, 2025 Feb 14, 2025 N/A· v4 5.1 MEDIUM· v3 N/A· v2 SQL Injection vulnerability in FeMiner wms 1.0 allows a remote attacker to obtain sensitive information via the inquire_inout_item.php component.
CVE-2021-42897 1Feminer Wms Project 1Feminer Wms Nov 21, 2024 May 16, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A remote command execution (RCE) vulnerability was found in FeMiner wms V1.0 in /wms/src/system/datarec.php. The $_POST[r_name] is directly passed into the $mysqlstr and is executed by exec.