CVE-2026-3969 | FeMiner wms up to 1.0 Basic Organizational Structure depart_add_bg.php Name sql injection

A vulnerability marked as critical has been reported in FeMiner wms up to 1.0. This impacts an unknown function of the file /wms-master/src/basic/depart/depart_add_bg.php of the component Basic Organizational Structure Module. Performing a manipulation of the argument Name results in sql injection.

This vulnerability was named CVE-2026-3969. The attack may be initiated remotely. In addition, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-3969 | FeMiner wms up to 1.0 Basic Organizational Structure depart_add_bg.php Name sql injection

Post correlati

CVE-2024-30891 | Tenda AC18 15.03.05.05 /goform/exeCommand cmdinput command injection

CVE-2025-24357 | vLLM up to 0.6.x weight_utils.py weights_only deserialization

CVE-2024-21703 | Atlassian Confluence Data Center/Confluence Server on Windows information disclosure

CVE-2024-25897 | ChurchCRM 5.5.0 GET Parameter FRCatalog.php CurrentFundraiser sql injection