3 matches found
CVE-2021-33949
The CVE-2021-33949 entry affects FeMiner WMS v1.1 and enables arbitrary code execution via the filename parameter and the exec function. Multiple connected sources (NVD entry, Red Hat advisory, CNNVD, CVE records) corroborate the issue, describing a remote code execution vulnerability with high i...
CVE-2020-18106
CVE-2020-18106 affects WMS v1.0 where the GET parameter id is passed without filtering, enabling SQL injection. Root cause: unsanitized id parameter in WMS v1.0. Documented impact indicates attacker could obtain sensitive database information; exploitation status is not detailed in the provided s...
CVE-2020-18544
CVE-2020-18544 affects WMS v1.0, where a SQL injection in chkuser.php via the username parameter allows remote attackers to execute arbitrary code. Root cause: improper handling of user input in the login/component path leads to SQL injection. Documented impact indicates potential arbitrary code ...