Wms Security Vulnerabilities

CVE-2021-33949

An issue in FeMiner WMS v1.1 allows attackers to execute arbitrary code via the filename parameter and the exec...

CVE-2022-47635

Wildix WMS 6 before 6.02.20221216, WMS 5 before 5.04.20221214, and WMS4 before 4.04.45396.23 allows Server-side request forgery (SSRF) via...

CVE-2022-4272

A vulnerability, which was classified as critical, has been found in FeMiner wms. Affected by this issue is some unknown functionality of the file /product/savenewproduct.php?flag=1. The manipulation of the argument upfile leads to unrestricted upload. The attack may be launched remotely. The...

CVE-2021-42897

A remote command execution (RCE) vulnerability was found in FeMiner wms V1.0 in /wms/src/system/datarec.php. The $_POST[r_name] is directly passed into the $mysqlstr and is executed by...

CVE-2020-18106

The GET parameter "id" in WMS v1.0 is passed without filtering, which allows attackers to perform SQL...

CVE-2020-18544

SQL Injection in WMS v1.0 allows remote attackers to execute arbitrary code via the "username" parameter in the component...