The GET parameter "id" in WMS v1.0 is passed without filtering, which allows attackers to perform SQL injection.
9.8CVSS
9.8AI Score
0.002EPSS
SQL Injection in WMS v1.0 allows remote attackers to execute arbitrary code via the "username" parameter in the component "chkuser.php".
9.8CVSS
9.9AI Score
0.002EPSS
An issue in FeMiner WMS v1.1 allows attackers to execute arbitrary code via the filename parameter and the exec function.
9.8CVSS
9.6AI Score
0.003EPSS