Nixpkgs security tracker

Permalink CVE-2026-3969

7.3 HIGH

CVSS version: 3.1
Attack vector (AV):
Attack complexity (AC):
Privileges required (PR):
User interaction (UI):
Scope (S):
Confidentiality impact (C):
Integrity impact (I):
Availability impact (A):

created 1 month, 2 weeks ago Activity log

Created suggestion 1 month, 2 weeks ago

FeMiner wms Basic Organizational Structure depart_add_bg.php sql injection

A vulnerability was detected in FeMiner wms up to 1.0. This impacts an unknown function of the file /wms-master/src/basic/depart/depart_add_bg.php of the component Basic Organizational Structure Module. Performing a manipulation of the argument Name results in sql injection. The attack may be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

References

VDB-350404 | FeMiner wms Basic Organizational Structure depart_add_bg.php sql injection vdb-entrytechnical-description
VDB-350404 | CTI Indicators (IOB, IOC, TTP, IOA) signaturepermissions-required
Submit #768977 | https://github.com/FeMiner/wms Enterprise Warehouse Management System V1.0 SQL Injection third-party-advisory
https://github.com/yuan384/cve/issues/3 exploitissue-tracking

Affected products

wms

==1.0

Matching in nixpkgs

pkgs.dockapps.wmsm-app

System monitor for Windowmaker

nixos-unstable 2023-10-11
- nixpkgs-unstable 2023-10-11
- nixos-unstable-small 2023-10-11
nixos-25.11 2023-10-11
- nixos-25.11-small 2023-10-11
- nixpkgs-25.11-darwin 2023-10-11