Yuan384

**Name of the Vulnerable Software and Affected Versions** FeMiner wms versions prior to 1.0 **Description** A security issue was identified in FeMiner wms. The issue affects an unknown function within the file `/wms-master/src/basic/depart/depart add bg.php` of the Basic Organizational Structure Module. Manipulating the `Name` argument can lead to SQL injection. The attack can be initiated remotely. The exploit is publicly available. The vendor was contacted regarding this disclosure but did not respond. **Recommendations** Versions prior to 1.0: At the moment, there is no information about a newer version that contains a fix for this vulnerability.