CVE-2026-3969 in wms
Summary
by MITRE • 03/12/2026
A vulnerability was detected in FeMiner wms up to 1.0. This impacts an unknown function of the file /wms-master/src/basic/depart/depart_add_bg.php of the component Basic Organizational Structure Module. Performing a manipulation of the argument Name results in sql injection. The attack may be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Analysis
by VulDB Data Team • 03/17/2026
The vulnerability identified as CVE-2026-3969 represents a critical sql injection flaw within the FeMiner wms version 1.0 software system. This vulnerability specifically targets the Basic Organizational Structure Module, which is a fundamental component responsible for managing organizational hierarchy and related data structures. The affected file depart_add_bg.php operates within the wms-master/src/basic/depart/ directory structure, indicating this is part of a broader organizational management system that handles departmental configurations and background data processing. The vulnerability manifests when an attacker manipulates the Name argument parameter, which suggests this field is directly incorporated into sql query construction without adequate input sanitization or parameterization.
The technical exploitation of this vulnerability occurs through remote manipulation of the Name argument, which allows attackers to inject malicious sql code into the database query execution process. This type of injection attack leverages the lack of proper input validation and sanitization mechanisms within the application's data handling procedures. The vulnerability's classification as a sql injection flaw aligns with CWE-89, which specifically addresses improper neutralization of special elements used in sql commands, and represents a fundamental weakness in the application's database interaction layer. Attackers can potentially extract sensitive data, modify organizational structures, or gain unauthorized access to the underlying database system through this vector.
The operational impact of this vulnerability extends beyond simple data corruption or information disclosure. Remote exploitation capabilities mean that attackers can target the system from external networks without requiring physical access or prior authentication. This creates significant risk for organizations relying on FeMiner wms for their organizational management needs, as successful exploitation could lead to complete compromise of the departmental structure data, potential credential theft, and unauthorized modification of organizational hierarchies. The public availability of the exploit increases the likelihood of widespread exploitation, making this vulnerability particularly dangerous for unpatched systems. Organizations may face regulatory compliance issues if sensitive organizational data is compromised, and the attack surface extends to any system component that relies on the affected module's data integrity.
The lack of vendor response to early disclosure attempts represents a critical failure in the vulnerability management lifecycle, leaving organizations exposed without official patches or mitigation guidance. This situation aligns with ATT&CK technique T1190, which describes the exploitation of vulnerabilities in remote services, and highlights the importance of coordinated disclosure processes. Organizations should implement immediate mitigations including network segmentation to limit access to the vulnerable module, input validation measures to prevent malicious argument injection, and monitoring for suspicious database query patterns. Additional defensive measures should include disabling unnecessary remote access to the application, implementing web application firewalls to detect sql injection attempts, and conducting comprehensive vulnerability assessments of the entire FeMiner wms installation. The public exploit availability necessitates immediate action regardless of the organization's current risk assessment, as the window for exploitation is likely already open and active within the threat landscape.