Unknown · Feminer Wms · CVE-2021-42897
**Name of the Vulnerable Software and Affected Versions**
FeMiner wms version V1.0
**Description**
A remote command execution issue was found in FeMiner wms. The vulnerability is located in /wms/src/system/datarec.php, where the `r_name` variable from the `$_POST` request is directly passed into the `$mysqlstr` and executed by the `exec()` function. This allows for potential remote command execution.
**Recommendations**
For FeMiner wms version V1.0, consider disabling the `exec()` function in the /wms/src/system/datarec.php file until a patch is available. Additionally, restrict access to the `datarec.php` file to minimize the risk of exploitation. Avoid using the `r_name` variable in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.
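
The unsafe pattern described above (a POST value placed into a command string for `exec()`) can be closed in code along the following lines. This is an added example, not FeMiner's code or an official patch. It assumes the endpoint restores a SQL backup chosen by file name on a Unix host; `BACKUP_DIR`, the `.sql` naming rule, the credentials file path, the database name and both function names are hypothetical.

```php
<?php
declare(strict_types=1);
// Added example: hardened handling of a backup name taken from $_POST['r_name'].
// Paths, the naming rule and the mysql arguments are assumptions, not FeMiner's.

const BACKUP_DIR = '/var/backups/wms';   // assumed location of restore files

/** Return the canonical path of a permitted backup file, or null to reject. */
function resolve_backup(string $name, string $dir = BACKUP_DIR): ?string
{
    // Allowlist: a plain file name only, so shell metacharacters, path
    // separators, whitespace and a leading dash never reach the command.
    if (preg_match('/\A[A-Za-z0-9][A-Za-z0-9_.-]{0,63}\.sql\z/', $name) !== 1) {
        return null;
    }
    $base = realpath($dir);
    $path = realpath($dir . DIRECTORY_SEPARATOR . $name);
    // realpath() fails for missing files and resolves symlinks; the result
    // must sit directly inside the backup directory.
    if ($base === false || $path === false || dirname($path) !== $base) {
        return null;
    }
    return $path;
}

/** Run the restore without a shell: argv array, backup file fed on stdin. */
function restore_backup(string $path, string $database): int
{
    // Credentials come from an assumed option file, not the command line.
    $argv = ['mysql', '--defaults-extra-file=/etc/wms/restore.cnf', $database];
    $spec = [
        0 => ['file', $path, 'r'],        // stdin: the validated backup
        1 => ['file', '/dev/null', 'w'],  // stdout discarded
        2 => ['file', '/dev/null', 'w'],  // stderr discarded
    ];
    $proc = proc_open($argv, $spec, $pipes);   // array form needs PHP >= 7.4
    return is_resource($proc) ? proc_close($proc) : -1;
}

$name = $_POST['r_name'] ?? '';
$path = is_string($name) ? resolve_backup($name) : null;
if ($path === null) {
    http_response_code(400);
    exit('invalid backup name');
}
exit(restore_backup($path, 'wms') === 0 ? 'restored' : 'restore failed');
```

Passing the command to `proc_open()` as an array means no shell parses the request value, and the allowlist plus `realpath()` check keeps the file argument inside the intended directory.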