Vulnerabilities > WMS Project > WMS > 1.0

DATE CVE VULNERABILITY TITLE RISK
2021-08-27 CVE-2020-18106 SQL Injection vulnerability in WMS Project WMS 1.0
The GET parameter "id" in WMS v1.0 is passed without filtering, which allows attackers to perform SQL injection.
network
low complexity
wms-project CWE-89
critical
 9.8
9.8
2021-07-12 CVE-2020-18544 SQL Injection vulnerability in WMS Project WMS 1.0
SQL Injection in WMS v1.0 allows remote attackers to execute arbitrary code via the "username" parameter in the component "chkuser.php".
network
low complexity
wms-project CWE-89
critical
 9.8
9.8