FeMiner WMS SQL Injection Vulnerability in inquire_storage_item.php

Vulnerability

A SQL injection vulnerability has been identified in FeMiner WMS version 1.0. This vulnerability allows remote attackers to access sensitive information by injecting malicious SQL into the 'itemid' parameter of the 'inquire_storage_item.php' file.

Impact

Successful exploitation could lead to unauthorized access to, or manipulation of, data in the application's database.

Reproduction

The vulnerability can be reproduced by sending a crafted request to 'inquire_storage_item.php' with an injected SQL payload in the 'itemid' parameter. This can be done using a tool like SQLMap, targeting a local instance of the application.
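
Requests of the kind described above leave traces in web server access logs. The following added example (not part of the original advisory and not FeMiner WMS code) flags requests to 'inquire_storage_item.php' whose 'itemid' value is not a plain number or whose user agent identifies SQLMap. It assumes the parameter is sent in the GET query string, that logs use the Combined Log Format, and that legitimate item IDs are short decimal numbers; the sample lines and the /wms/ path are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

ENDPOINT = "inquire_storage_item.php"
# Combined Log Format; only the fields used below are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
# Assumption: a legitimate itemid is a short decimal identifier.
VALID_ITEMID = re.compile(r"\d{1,10}")

def inspect(line):
    """Return the reasons a log line looks like injection probing (empty if none)."""
    m = LOG_RE.match(line)
    if not m:
        return []
    url = urlsplit(m["target"])
    if not url.path.endswith("/" + ENDPOINT):
        return []
    reasons = []
    # parse_qs percent-decodes values, so encoded quotes and spaces are compared decoded.
    for value in parse_qs(url.query, keep_blank_values=True).get("itemid", []):
        if not VALID_ITEMID.fullmatch(value):
            reasons.append(f"unexpected itemid value: {value!r}")
    if "sqlmap" in m["ua"].lower():
        reasons.append("sqlmap user agent")
    return reasons

def scan(lines):
    """Return (client_ip, reasons) for every suspicious line."""
    hits = []
    for line in lines:
        reasons = inspect(line)
        if reasons:
            hits.append((LOG_RE.match(line)["ip"], reasons))
    return hits

# Constructed sample lines (documentation IP range, hypothetical /wms/ path).
SAMPLE_LOG = [
    '192.0.2.10 - - [09/Jun/2025:19:40:01 +0000] "GET /wms/inquire_storage_item.php?itemid=42 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '192.0.2.77 - - [09/Jun/2025:19:41:13 +0000] "GET /wms/inquire_storage_item.php?itemid=42%27%20AND%20%271%27%3D%271 HTTP/1.1" 200 512 "-" "sqlmap/1.x (https://sqlmap.org)"',
    '192.0.2.10 - - [09/Jun/2025:19:42:30 +0000] "GET /wms/index.php?itemid=abc HTTP/1.1" 200 100 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, reasons in scan(SAMPLE_LOG):
        print(ip, "; ".join(reasons))
```

Parameters sent in a POST body do not appear in standard access logs, so this check only covers the query-string case.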

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 8.7
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.