Show filters
4 Total Results
Displaying 1-4 of 4
Sort by:
Attacker Value
Unknown

CVE-2021-33949

Disclosure Date: February 17, 2023 (last updated October 08, 2023)
An issue in FeMiner WMS v1.1 allows attackers to execute arbitrary code via the filename parameter and the exec function.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2021-42897

Disclosure Date: May 16, 2022 (last updated February 23, 2025)
A remote command execution (RCE) vulnerability was found in FeMiner wms V1.0 in /wms/src/system/datarec.php. The $_POST[r_name] is directly passed into the $mysqlstr and is executed by exec.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2020-18106

Disclosure Date: August 27, 2021 (last updated February 23, 2025)
The GET parameter "id" in WMS v1.0 is passed without filtering, which allows attackers to perform SQL injection.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2020-18544

Disclosure Date: July 12, 2021 (last updated February 23, 2025)
SQL Injection in WMS v1.0 allows remote attackers to execute arbitrary code via the "username" parameter in the component "chkuser.php".
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0