Aggregates CVE and security vulnerability intelligence across all feminer_wms_project-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk sql injection and vendor risk path handling and related security problems, affecting vendor surface production workloads and vendor surface software deployment scenarios.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-25997 | Directory Traversal vulnerability in FeMiner wms v.1.0 allows a remote attacker to obtain sensitive information via the databak.php component. | [email protected] | 7.5 | 0.99% | 2025-02-14 | 2026-06-17 |
| CVE-2025-25994 | SQL Injection vulnerability in FeMiner wms wms 1.0 allows a remote attacker to obtain sensitive information via the parameters date1, date2, id. | [email protected] | 7.5 | 0.46% | 2025-02-14 | 2026-06-17 |
| CVE-2025-25993 | SQL Injection vulnerability in FeMiner wms wms 1.0 allows a remote attacker to obtain sensitive information via the parameter "itemid." | [email protected] | 5.1 | 0.25% | 2025-02-14 | 2026-06-17 |
| CVE-2025-25992 | SQL Injection vulnerability in FeMiner wms 1.0 allows a remote attacker to obtain sensitive information via the inquire_inout_item.php component. | [email protected] | 5.1 | 0.25% | 2025-02-14 | 2026-06-17 |
| CVE-2021-42897 | A remote command execution (RCE) vulnerability was found in FeMiner wms V1.0 in /wms/src/system/datarec.php. The $_POST[r_name] is directly passed into the $mysqlstr and is executed by exec. | [email protected] | 9.8 | 2.38% | 2022-05-16 | 2026-06-17 |