FeMiner WMS SQL Injection Vulnerability

Vulnerability

A SQL injection vulnerability has been identified in FeMiner WMS version 1.0. This vulnerability allows remote attackers to access sensitive information by injecting malicious SQL into the 'date1', 'date2', and 'id' parameters of the 'inquire_inout_receipt.php' script.

Impact

Successful exploitation lets an attacker manipulate the database queries issued by the script, potentially leading to unauthorized data access or modification.

Reproduction

To reproduce this vulnerability, send a request to '/test/inquire_inout_receipt.php' with the 'option' parameter set to 'date' or one of several other options, and inject a SQL payload into the 'date1', 'date2', or 'id' parameters. The injected SQL payload can include commands such as 'SELECT' combined with 'SLEEP' to demonstrate the injection.
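
A log check for the requests described above, as an added example that is not part of the original advisory: it flags requests to 'inquire_inout_receipt.php' whose 'date1', 'date2' or 'id' values are not a plain date or integer. The combined log format, parameters carried in the query string, YYYY-MM-DD dates and a numeric id are assumptions, and the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumptions (not stated in the advisory): combined access-log format,
# parameters sent in the query string, dates as YYYY-MM-DD, id as an integer.
TARGET = "inquire_inout_receipt.php"
DATE = re.compile(r"[0-9]{4}-[0-9]{2}-[0-9]{2}")
ALLOWED = {"date1": DATE, "date2": DATE, "id": re.compile(r"[0-9]{1,10}")}
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')


def suspicious_params(url):
    """Return {param: decoded value} for values that fail the allow-list."""
    parts = urlsplit(url)
    if not parts.path.endswith("/" + TARGET):
        return {}
    # parse_qs URL-decodes values, so encoded spaces and quotes are compared
    # in their decoded form.
    query = parse_qs(parts.query, keep_blank_values=True)
    return {
        name: value
        for name, pattern in ALLOWED.items()
        for value in query.get(name, [])
        if not pattern.fullmatch(value)
    }


def scan(lines):
    """Yield (client_ip, offending_params) for each flagged log line."""
    for line in lines:
        match = REQUEST.match(line)
        if match:
            bad = suspicious_params(match.group(2))
            if bad:
                yield match.group(1), bad


# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [09/Jun/2025:19:40:01 +0000] "GET /test/inquire_inout_receipt.php?option=date&date1=2025-05-01&date2=2025-05-31 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [09/Jun/2025:19:41:13 +0000] "GET /test/inquire_inout_receipt.php?option=date&date1=2025-05-01&date2=2025-05-31%20AND%20SLEEP(5) HTTP/1.1" 200 312',
    '203.0.113.9 - - [09/Jun/2025:19:41:30 +0000] "GET /test/index.php?id=abc HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for ip, bad in scan(SAMPLE_LOG):
        print(ip, bad)
```

Because the check is an allow-list on the three parameters rather than a keyword match, it also flags malformed values that contain no SQL keywords.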

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 6.0
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.