Total
5 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-25997 | 1 Feminer Wms Project | 1 Feminer Wms | 2025-05-13 | N/A | 7.5 HIGH |
|
Directory Traversal vulnerability in FeMiner wms v.1.0 allows a remote attacker to obtain sensitive information via the databak.php component.
|
|||||
| CVE-2025-25992 | 1 Feminer Wms Project | 1 Feminer Wms | 2025-05-02 | N/A | 5.1 MEDIUM |
|
SQL Injection vulnerability in FeMiner wms 1.0 allows a remote attacker to obtain sensitive information via the inquire_inout_item.php component.
|
|||||
| CVE-2025-25993 | 1 Feminer Wms Project | 1 Feminer Wms | 2025-05-02 | N/A | 5.1 MEDIUM |
|
SQL Injection vulnerability in FeMiner wms wms 1.0 allows a remote attacker to obtain sensitive information via the parameter "itemid."
|
|||||
| CVE-2025-25994 | 1 Feminer Wms Project | 1 Feminer Wms | 2025-05-02 | N/A | 7.5 HIGH |
|
SQL Injection vulnerability in FeMiner wms wms 1.0 allows a remote attacker to obtain sensitive information via the parameters date1, date2, id.
|
|||||
| CVE-2021-42897 | 1 Feminer Wms Project | 1 Feminer Wms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
A remote command execution (RCE) vulnerability was found in FeMiner wms V1.0 in /wms/src/system/datarec.php. The $_POST[r_name] is directly passed into the $mysqlstr and is executed by exec.
|
|||||