PT-2026-3367 · Unknown · Feminer Wms
Wangchaoxing
·
Publicado
2026-01-17
·
Atualizado
2026-02-06
·
CVE-2026-1059
CVSS v3.1
9.8
Crítica
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
FeMiner wms versions prior to 9cad1f1b179a98b9547fd003c23b07c7594775fa
Description
A security issue exists in FeMiner wms. The manipulation of the
Username argument in the file /src/chkuser.php can lead to SQL injection. This attack can be carried out remotely. The exploit has been publicly disclosed.Recommendations
Update FeMiner wms to version 9cad1f1b179a98b9547fd003c23b07c7594775fa or later.
Exploit
Correção
SQL injection
Special Elements Injection
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Feminer Wms