Remote Code Execution in FeMiner WMS by FeMiner
CVE-2021-42897

9.8CRITICAL

Key Information:

Vendor: Feminer Wms Project
Status: Feminer Wms
Vendor: CVE Published:; 16 May 2022

🔔 Create Feminer Wms Project Vulnerability Alert

What is CVE-2021-42897?

A validation oversight in FeMiner WMS V1.0 allows for remote command execution via the datarec.php script. An attacker can exploit this vulnerability by sending crafted requests that manipulate the $_POST[r_name] parameter, which is unsafely integrated into a command string executed by the server. This can lead to serious security breaches, enabling unauthorized access and control over the system.

References

https://github.com/FeMiner/wms/issues/12

x_refsource_MISC

EPSS Score

7% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 16, 2022
Vulnerability Reserved
Oct 25, 2021

JSON