2 matches found
CVE-2021-42897
FeMiner wms v1.0 is affected by CVE-2021-42897. The vulnerability exists in /wms/src/system/datarec.php where the POST parameter $_POST[r_name] is directly passed into $mysqlstr and then executed by exec, enabling remote code execution over the network. The issue is described as a command injecti...
CVE-2021-42897
A remote command execution RCE vulnerability was found in FeMiner wms V1.0 in /wms/src/system/datarec.php. The $POSTrname is directly passed into the $mysqlstr and is executed by exec...