PT-2026-3367 · Unknown · Feminer Wms
Wangchaoxing
·
Published
2026-01-17
·
Updated
2026-02-06
·
CVE-2026-1059
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
FeMiner wms versions prior to 9cad1f1b179a98b9547fd003c23b07c7594775fa
Description
A security issue exists in FeMiner wms. The manipulation of the
Username argument in the file /src/chkuser.php can lead to SQL injection. This attack can be carried out remotely. The exploit has been publicly disclosed.Recommendations
Update FeMiner wms to version 9cad1f1b179a98b9547fd003c23b07c7594775fa or later.
Exploit
Fix
SQL injection
Special Elements Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Feminer Wms