An issue in FeMiner WMS v1.1 allows attackers to execute arbitrary code via the filename parameter and the exec...
CVSS: 9.8, AI Score: 9.6, EPSS: 0.003
Wildix WMS 6 before 6.02.20221216, WMS 5 before 5.04.20221214, and WMS4 before 4.04.45396.23 allows Server-side request forgery (SSRF) via...
CVSS: 9.8, AI Score: 9.4, EPSS: 0.002
A vulnerability, which was classified as critical, has been found in FeMiner wms. Affected by this issue is some unknown functionality of the file /product/savenewproduct.php?flag=1. The manipulation of the argument upfile leads to unrestricted upload. The attack may be launched remotely. The...
CVSS: 9.8, AI Score: 9.4, EPSS: 0.006
A remote command execution (RCE) vulnerability was found in FeMiner wms V1.0 in /wms/src/system/datarec.php. The $_POST[r_name] is directly passed into the $mysqlstr and is executed by...
CVSS: 9.8, AI Score: 9.5, EPSS: 0.003
The GET parameter "id" in WMS v1.0 is passed without filtering, which allows attackers to perform SQL...
CVSS: 9.8, AI Score: 9.8, EPSS: 0.002
SQL Injection in WMS v1.0 allows remote attackers to execute arbitrary code via the "username" parameter in the component...
CVSS: 9.8, AI Score: 9.9, EPSS: 0.002