Total
5 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-25997 | 1 Feminer Wms Project | 1 Feminer Wms | 2025-05-13 | N/A | 7.5 HIGH |
| Directory Traversal vulnerability in FeMiner wms v.1.0 allows a remote attacker to obtain sensitive information via the databak.php component. | |||||
| CVE-2025-25992 | 1 Feminer Wms Project | 1 Feminer Wms | 2025-05-02 | N/A | 5.1 MEDIUM |
| SQL Injection vulnerability in FeMiner wms 1.0 allows a remote attacker to obtain sensitive information via the inquire_inout_item.php component. | |||||
| CVE-2025-25993 | 1 Feminer Wms Project | 1 Feminer Wms | 2025-05-02 | N/A | 5.1 MEDIUM |
| SQL Injection vulnerability in FeMiner wms wms 1.0 allows a remote attacker to obtain sensitive information via the parameter "itemid." | |||||
| CVE-2025-25994 | 1 Feminer Wms Project | 1 Feminer Wms | 2025-05-02 | N/A | 7.5 HIGH |
| SQL Injection vulnerability in FeMiner wms wms 1.0 allows a remote attacker to obtain sensitive information via the parameters date1, date2, id. | |||||
| CVE-2021-42897 | 1 Feminer Wms Project | 1 Feminer Wms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A remote command execution (RCE) vulnerability was found in FeMiner wms V1.0 in /wms/src/system/datarec.php. The $_POST[r_name] is directly passed into the $mysqlstr and is executed by exec. | |||||