Vulnerabilities > WMS Project

DATE CVE VULNERABILITY TITLE RISK
2023-02-17 CVE-2021-33949 Unspecified vulnerability in WMS Project WMS 1.1
An issue in FeMiner WMS v1.1 allows attackers to execute arbitrary code via the filename parameter and the exec function.
network
low complexity
wms-project
critical
9.8
2021-08-27 CVE-2020-18106 SQL Injection vulnerability in WMS Project WMS 1.0
The GET parameter "id" in WMS v1.0 is passed without filtering, which allows attackers to perform SQL injection.
network
low complexity
wms-project CWE-89
critical
9.8
2021-07-12 CVE-2020-18544 SQL Injection vulnerability in WMS Project WMS 1.0
SQL Injection in WMS v1.0 allows remote attackers to execute arbitrary code via the "username" parameter in the component "chkuser.php".
network
low complexity
wms-project CWE-89
critical
9.8